Risk
5/9/2008
04:10 PM
Connect Directly
LinkedIn
Twitter
Google+
RSS
E-Mail
50%
50%

Phishing Campaign Targets Tax Rebate Checks

The phishing messages claim that the fastest way to receive one's economic stimulus tax rebate is through direct deposit and include a Web link to an online submission form.

The Internet Crime Complaint Center (IC3) on Thursday issued a warning about a phishing campaign designed to steal personal information from consumers using the promise of a tax rebate check as bait.

IC3 is jointly run by the Federal Bureau of Investigation, the National White Collar Crime Center, and the Bureau of Justice Assistance.

The phishing messages claim that the fastest way to receive one's economic stimulus tax rebate is through direct deposit. They include a Web link to an online submission form designed to steal submitted information from those fooled into believing that providing personal data will hasten the arrival of their tax rebate.

The IC3 includes a sample phishing message that purports to be from the Internal Revenue Service. It warns recipients that failure to submit information by May 10 may delay the promised funds.

In fact, the IRS is sending economic stimulus payments, ranging from $300 to $1,200, out to about 130 million U.S. households this month. But it's not sending anyone e-mail offering to hasten delivery through direct deposit of the funds.

"Consumers are advised that the IRS does not initiate taxpayer communications via e-mail," IC3 warns. "In addition, the IRS does not request detailed personal information via e-mail or ask taxpayers for the PIN numbers, passwords, or similar secret access information for their credit card, bank, or other financial accounts."

Furthermore, IC3 advises against opening e-mail from unknown senders or clicking on links in such messages.

According to the Anti-Phishing Working Group, 29,284 unique phishing reports were submitted to the organization in January, an increase of more than 3,600 from the previous month.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading, September 16, 2014
Malicious software is morphing to be more targeted, stealthy, and destructive. Are you prepared to stop it?
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-3090
Published: 2014-09-23
IBM Rational ClearCase 7.1 before 7.1.2.15, 8.0.0 before 8.0.0.12, and 8.0.1 before 8.0.1.5 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564.

CVE-2014-3101
Published: 2014-09-23
The login form in the Web component in IBM Rational ClearQuest 7.1 before 7.1.2.15, 8.0.0 before 8.0.0.12, and 8.0.1 before 8.0.1.5 does not insert a delay after a failed authentication attempt, which makes it easier for remote attackers to obtain access via a brute-force attack.

CVE-2014-3103
Published: 2014-09-23
The Web component in IBM Rational ClearQuest 7.1 before 7.1.2.15, 8.0.0 before 8.0.0.12, and 8.0.1 before 8.0.1.5 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http...

CVE-2014-3104
Published: 2014-09-23
IBM Rational ClearQuest 7.1 before 7.1.2.15, 8.0.0 before 8.0.0.12, and 8.0.1 before 8.0.1.5 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564.

CVE-2014-3105
Published: 2014-09-23
The OSLC integration feature in the Web component in IBM Rational ClearQuest 7.1 before 7.1.2.15, 8.0.0 before 8.0.0.12, and 8.0.1 before 8.0.1.5 provides different error messages for failed login attempts depending on whether the username exists, which allows remote attackers to enumerate account n...

Best of the Web
Dark Reading Radio