I believe that anyone who uses the Internet on a regular basis has to know that most e-mail messages are spam, and possibly part of a fraud scheme. I also realize that some people are more aware than others, and that some criminals are clever. But the current spread of an email message that claims to be from the IRS accusing a person of fraud demonstrates that naivete that runs deep on the Internet.I promised myself that I would not use the word "stupid" anymore. Unfortunately, the IRS spam is so bad that you really have to be stupid to click on the link. The message looks nothing like a formal notice: It has a taxpayer ID number that should be synonymous with a Social Security number, but is just random garbage. The "To:" field goes to a random name. It even goes so far as to use the term "Fraud Application." Hey -- at least these criminals are honest about their intent.
All IRS communications come through regular mail, not email.
But despite all of these red flags, the IRS virus is spreading rapidly, meaning it is fooling a lot of people. What will it take for users to recognize fraud when they see it? The virus designers made little effort to make the messages look legitimate at all.
Users who fall victim to this current attack are just flat out clueless. Frankly I wouldn't care that much except they are endangering others. Anyone who falls victim to this attack should have their Internet access revoked. Period.
Ira Winkler, CISSP, is president of the Internet Security Advisors Group and author of Spies Among Us. He can be reached via his Website.