I believe that anyone who uses the Internet on a regular basis has to know that most e-mail messages are spam, and possibly part of a fraud scheme. I also realize that some people are more aware than others, and that some criminals are clever. But the current spread of an email message that claims to be from the IRS accusing a person of fraud demonstrates that naivete that runs deep on the Internet.

Ira Winkler, Field CISO & Vice President, CYE

September 30, 2009

1 Min Read

I believe that anyone who uses the Internet on a regular basis has to know that most e-mail messages are spam, and possibly part of a fraud scheme. I also realize that some people are more aware than others, and that some criminals are clever. But the current spread of an email message that claims to be from the IRS accusing a person of fraud demonstrates that naivete that runs deep on the Internet.I promised myself that I would not use the word "stupid" anymore. Unfortunately, the IRS spam is so bad that you really have to be stupid to click on the link. The message looks nothing like a formal notice: It has a taxpayer ID number that should be synonymous with a Social Security number, but is just random garbage. The "To:" field goes to a random name. It even goes so far as to use the term "Fraud Application." Hey -- at least these criminals are honest about their intent.

All IRS communications come through regular mail, not email.

But despite all of these red flags, the IRS virus is spreading rapidly, meaning it is fooling a lot of people. What will it take for users to recognize fraud when they see it? The virus designers made little effort to make the messages look legitimate at all.

Users who fall victim to this current attack are just flat out clueless. Frankly I wouldn't care that much except they are endangering others. Anyone who falls victim to this attack should have their Internet access revoked. Period.

Ira Winkler, CISSP, is president of the Internet Security Advisors Group and author of Spies Among Us. He can be reached via his Website.

About the Author(s)

Ira Winkler

Field CISO & Vice President, CYE

Ira Winkler, CISSP, is the Director of the Human Security Engineering Consortium and author of the books You Can Stop Stupid and Security Awareness for Dummies. He is considered one of the world’s most influential security professionals and was named “The Awareness Crusader” by CSO Magazine in receiving its CSO COMPASS Award. He has designed, implemented, and supported security awareness programs at organizations of all sizes, in all industries, around the world. Ira began his career at the National Security Agency, where he served in various roles as an Intelligence and Computer Systems Analyst. He has since served in other positions supporting the cybersecurity programs in organizations of all sizes.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights