IRS spam rockets as tax deadline nears

Scammers are increasingly taking advantage of next month's income tax deadline by distributing phishing emails seeking end-users' personal information.

Researchers at anti-virus vendor Secure Computing reported last week that they saw more incidents of Internal Revenue Service and tax-related email scams during January than in the entire first half of 2007 – a year-over-year spike of 3,000 percent.

The massive increase is partially due to the proliferation of do-it-yourself (DIY) phishing kits, malware and suspicious scripts associated with tax-related websites, according to Secure Computing.

“I think a lot of it has to do with DIY phishing kits that are much more readily available, and how much easier it is to infect websites to get people to come to your server,” said Paula Greve, director of web security research at the San Jose, Calif.-based vendor of enterprise gateway security solutions. “It's becoming much easier and there's a huge financial incentive. A lot of people are interested in instant gratification and they're willing to pursue these other options [for a quicker refund].”

IRS phishing scams appear yearly as millions of Americans prepare to file their tax returns before the April 15 deadline. Last summer, the traditional IRS phishing email took on a different twist when phishers specifically targeted corporate executives.

Researchers at MessageLabs, an email and instant messaging security vendor, disclosed this week that the January volume of IRS-related spam was 10 times its normal level, while tax-specific malware increased by six percent.

The New York-based vendor reported that captured phishing samples linked to numerous phishing pages. However, if the end-user completed a form requesting personal and financial information, they were redirected to the authentic IRS page, according to analysts.

Matt Sergeant, senior anti-spam technologist at MessageLabs, told SCMagazineUS.com today that his company is seeing a high volume of IRS spam because of the wide distribution of botnets.

“I think the major thing [this year] is volume – there's much more this year than the previous year,” he said, describing a 100 percent increase. “It's probably because of the power of the botnets that [spammers] have access to now. The low, cheap prices and the spamming economy let them buy access to botnets at a very low price.”

Late last year, researchers warned email users about phishing messages targeting corporate executives disguised as notifications from the U.S. Treasury Department.

McAfee Avert Labs expert Vinoo Thomas said this month that his firm has captured scams purporting to offer a $375 refund to email users who disclose their personal information and financial details, such as ATM PIN numbers.

The phish's corresponding website, first seen by McAfee on Jan. 28, was hosted on a legitimate U.S.-based site without the owner's knowledge, according to the Santa Clara, Calif.-based company.

The IRS, which has dedicated a section of its website to phishing and email scams, warned taxpayers last month to beware of sham emails offering advance payment checks from the federal government.

