IRS Phishing Scammers
I’d like to take this opportunity to remind our US customers to be on the watch for IRS phishing scams.
IRS phishing scams are not really a new thing but it’s that time of year again and the phishers are looking to cash in… Again.
You might receive an email purporting to be from the Internal Revenue Service explaining that you have received a tax refund. The email looks like this:
The ‘do not try this at home (and/or work!)’ warning definitely applies here but if you did click the ‘click here’ link in the email, your browser would load a page looking like this:
There are a few clues that this is not actually a legitimate US Government site:
1. The page is not hosted on a .gov domain (e.g. http://www.irs.gov/).
2. The IRS uses RC4 128-bit SSL where the phish site does not (or: the phish site starts with “http://”, whereas any part of the IRS government site that asks for your social security number will start with “https://”).
3. The phish site asks for your ATM PIN. I’m sure the US government would never ask for that!
If you get an email like this, you should delete it. Or, better still, forward it to is-spam@sophos.com so we can use it to improve our detection, then delete it.
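The three clues listed above, expressed as a triage check in Python. This is an added example, not code from the original post; the function name, the sample URLs (reserved documentation/test addresses) and the form labels are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Clue 3: a tax refund form has no reason to ask for a PIN.
PIN_PATTERN = re.compile(r"\bpin\b", re.IGNORECASE)


def phishing_clues(url, form_labels):
    """Return the numbers of the clues (1, 2, 3 as listed above) that a page trips."""
    clues = []
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".").lower()

    # Clue 1: compare the last DNS label of the parsed hostname, not a
    # substring of the URL, so "irs.gov" appearing in a path, in a leading
    # subdomain label or before an "@" does not pass as a .gov site.
    if host.rsplit(".", 1)[-1] != "gov":
        clues.append(1)

    # Clue 2: a page that collects a social security number must use https.
    if parts.scheme.lower() != "https":
        clues.append(2)

    # Clue 3: the form asks for an ATM PIN.
    if any(PIN_PATTERN.search(label) for label in form_labels):
        clues.append(3)

    return clues


# Constructed sample pages: (URL, visible form field labels).
SAMPLES = [
    ("https://www.irs.gov/refunds", ["Social Security Number", "Filing status"]),
    ("http://irs.gov.refund-example.test/claim", ["Card number", "ATM PIN number"]),
    ("http://www.irs.gov@203.0.113.5/refund", ["Social Security Number"]),
    ("https://refund-example.test/www.irs.gov/", ["Shipping address"]),
]

if __name__ == "__main__":
    for url, labels in SAMPLES:
        print(url, "->", phishing_clues(url, labels) or "no clues tripped")
```

A page that trips none of the three checks is not thereby proven legitimate; the checks only encode the clues from this post.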
Posted on May 23rd, 2007 by Neil, SophosLabs AU
Filed under: General