Risk
5/9/2008
04:10 PM
Connect Directly
LinkedIn
Twitter
Google+
RSS
E-Mail
50%
50%

Phishing Campaign Targets Tax Rebate Checks

The phishing messages claim that the fastest way to receive one's economic stimulus tax rebate is through direct deposit and include a Web link to an online submission form.

The Internet Crime Complaint Center (IC3) on Thursday issued a warning about a phishing campaign designed to steal personal information from consumers using the promise of a tax rebate check as bait.

IC3 is jointly run by the Federal Bureau of Investigation, the National White Collar Crime Center, and the Bureau of Justice Assistance.

The phishing messages claim that the fastest way to receive one's economic stimulus tax rebate is through direct deposit. They include a Web link to an online submission form designed to steal submitted information from those fooled into believing that providing personal data will hasten the arrival of their tax rebate.

The IC3 includes a sample phishing message that purports to be from the Internal Revenue Service. It warns recipients that failure to submit information by May 10 may delay the promised funds.

In fact, the IRS is sending economic stimulus payments, ranging from $300 to $1,200, out to about 130 million U.S. households this month. But it's not sending anyone e-mail offering to hasten delivery through direct deposit of the funds.

"Consumers are advised that the IRS does not initiate taxpayer communications via e-mail," IC3 warns. "In addition, the IRS does not request detailed personal information via e-mail or ask taxpayers for the PIN numbers, passwords, or similar secret access information for their credit card, bank, or other financial accounts."

Furthermore, IC3 advises against opening e-mail from unknown senders or clicking on links in such messages.

According to the Anti-Phishing Working Group, 29,284 unique phishing reports were submitted to the organization in January, an increase of more than 3,600 from the previous month.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading Must Reads - September 25, 2014
Dark Reading's new Must Reads is a compendium of our best recent coverage of identity and access management. Learn about access control in the age of HTML5, how to improve authentication, why Active Directory is dead, and more.
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2012-5485
Published: 2014-09-30
registerConfiglet.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to execute Python code via unspecified vectors, related to the admin interface.

CVE-2012-5486
Published: 2014-09-30
ZPublisher.HTTPRequest._scrubHeader in Zope 2 before 2.13.19, as used in Plone before 4.3 beta 1, allows remote attackers to inject arbitrary HTTP headers via a linefeed (LF) character.

CVE-2012-5487
Published: 2014-09-30
The sandbox whitelisting function (allowmodule.py) in Plone before 4.2.3 and 4.3 before beta 1 allows remote authenticated users with certain privileges to bypass the Python sandbox restriction and execute arbitrary Python code via vectors related to importing.

CVE-2012-5488
Published: 2014-09-30
python_scripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to execute Python code via a crafted URL, related to createObject.

CVE-2012-5489
Published: 2014-09-30
The App.Undo.UndoSupport.get_request_var_or_attr function in Zope before 2.12.21 and 3.13.x before 2.13.11, as used in Plone before 4.2.3 and 4.3 before beta 1, allows remote authenticated users to gain access to restricted attributes via unspecified vectors.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
In our next Dark Reading Radio broadcast, we’ll take a close look at some of the latest research and practices in application security.