It is tax time in the United States, and scammers are seizing the opportunity to launch new attacks on your bank accounts and steal your identity.
One new twist involves the use of SMS text messages sent to phones. In this phishing attack, the message reads similar to:
NOTICE: You have 71 IRS UNITS pending for refunding, please visit xxxxx website.com ASAP
Users of most smart phones can visit the scammer's site using their phone simply by following the link. Others must type the address into their browser once they get to a computer. Once there, a phishing site asks for personal and banking account information.
In another scam, an email bearing the name and logo of the Internal Revenue Service tells recipients that they must register for direct deposit at an official website in order to get their rebate check as promised by the proposed "economic stimulus" package. These messages contain subjects such as "2007 fiscal activity rebate". The link in the email points to yet another phishing site asking for personal information and bank accounts numbers.
Keep in mind that the proposed stimulus package has not yet passed and the terms of the deal are still being debated on Capitol Hill. Also, the IRS and U.S. Treasury do not require individuals to use direct deposit.
Similar scams using dishing (voice phishing) phone calls have also been reported. These scams usually hide or spoof the Caller ID information to seem more credible.
These types of scams are expected to increase throughout the American tax season, which ends on April 15. The scams involving the economic stimulus package could go on for while longer. Until the plan is finalized, no one will be getting checks from the government. Current estimates put possible check mailing dates in June or July.
All the usual warnings regarding phishing apply, and user education is really the only way to combat this sort of social engineering. Treat unsolicited SMS messages and phone calls with the same critical eye that you would use for unsolicited email.
Today's Security Strategy Must be Future-Proof
CTU Research Incident Response and Management Information Security Intelligence Risk Management