4 July 2006
Bogus $63.80 IRS tax refund could put your finances at risk
Phishing email targets North American taxpayers
Experts at SophosLabs™, Sophos's global network of virus, spyware and spam analysis centers, have warned of a bogus email that tells taxpayers that they are eligible to receive a tax refund from the Internal Revenue Service (IRS).
The spammed email poses as a federal tax refund for $63.80, but has actually been designed by hackers to steal confidential information from individuals.
The emails, which have the subject line "IRS Notification - Please Read This", claim that the IRS has determined that the recipient is eligible to receive a tax refund, and invite the recipient to visit a website and submit their bank information to receive the money.

The phishing email invites taxpayers to visit a bogus website to collect a non-existent refund.
However, the website is disguised to appear like the real IRS website, and is designed to steal the user's social security number and credit card details.

The bogus website is disguised to look like the real IRS website, but is designed to steal information.
"The criminals behind these emails are banking on people's desire to get money back off the taxman," said Graham Cluley, senior technology consultant for Sophos. "Taxpayers who visit the bogus website risk handing over their social security numbers and credit card details straight into the hands of hackers. The fact is that the IRS never uses email to tell taxpayers that they are eligible for a refund."
Following a spate of email phishing campaigns, the IRS has published advice on its website for computer users on how to avoid phishing emails.
Earlier this year, Sophos revealed in a survey that 58% of people receive a phishing email every day, and the company recommends that computer users protect themselves with a consolidated solution which can defend against the threats of spam, spyware and viruses.
Organizations concerned about being fraudulently represented in phishing campaigns can sign up to the Sophos early warning system, Sophos PhishAlert.
About Sophos
Sophos enables enterprises all over the world to secure and control their IT infrastructure. Sophos's network access control, endpoint, web and email solutions simplify security to provide integrated defenses against malware, spyware, intrusions, unwanted applications, spam, policy abuse, data leakage and compliance drift. With over 20 years of experience, Sophos protects over 100 million users in nearly 150 countries with its reliably engineered security solutions and services. Recognized for its high level of customer satisfaction and powerful yet easy-to-use solutions, Sophos has received many industry awards, as well as positive reviews and certifications.
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com

