SANS posted a story at the Internet Storm Center a couple of days ago reporting that they were seeing fake email purporting to come from the IRS. (Even I don't have time to read everything on the Internet relating to current information security issues.)
The emails described try to kid the victim that they've under-reported or failed to report income, in the hope of persuading them to access a malicious URL in order to download an equally malicious file (Zeus, by the sound of it). Of course, there are other scams that try to get you to give them sensitive financial and personal information: be on the lookout for those too.
Folks, the IRS is not going to send you email about tax problems, or to offer you a tax rebate. (By the way, the same applies to the UK tax authorities.) In fact, I'd be happy to get the IRS to talk to me at all over a little matter of withheld royalties, but I'm sure you don't want to hear about that...
- Attachments or URLs received in unsolicited email relating to tax issues are almost certainly going to be malicious. So are many attachments and URLs that don't relate to tax issues!
- If you need IRS documentation or forms from the web, don't trust links in emails: go to the IRS site and navigate to them from there. Yes, I know navigating that site is a nightmare, but it's not as bad as losing money or your identity to a scammer.
Despite the negative experiences of some of its clients, the IRS does have a reasonably good page on "How to Report and Identify Phishing, E-mail Scams and Bogus IRS Web Sites" here. Even bureaucrats get things right sometimes.
If we see other scams reported in the run-up to the IRS 15th April deadline for filing tax returns, we'll let you know.
David Harley CISSP FBCS CITP
Research Fellow & Director of Malware Intelligence