IRS spam rockets as tax deadline nears

Share this article:
Scammers are increasingly taking advantage of next month's income tax deadline by distributing phishing emails seeking end-users' personal information.

Researchers at anti-virus vendor Secure Computing reported last week that they saw more incidents of Internal Revenue Service and tax-related email scams during January than the entire first half of 2007 – a year-over-year spike of 3,000 percent.

The massive increase is partially due to the proliferation of do-it-yourself (DIY) phishing kits, malware and suspicious scripts associated with tax-related websites, according to Secure Computing.

“I think a lot of it has to do with DIY phishing kits that are much more readily available, and how much easier it is to infect websites to get people to come to your server,” said Paula Greve, director of web security research at the San Jose, Calif.-based vendor of enterprise gateway security solutions. “It's becoming much easier and there's a huge financial incentive. A lot of people are interested in instant gratification and they're willing to pursue these other options [for a quicker refund].”

IRS phishing scams appear yearly as millions of Americans prepare to file their tax returns before the April 15 deadline. Last summer, the traditional IRS phishing email took on a different twist when phishers specifically targeted corporate executives.

Researchers at MessageLabs, an email and instant messaging security vendor, disclosed this week that the January volume of IRS-related spam was 10 times its normal level, while tax-specific malware increased by six percent.

The New York-based vendor reported that captured phishing samples linked to numerous phishing pages. However, if the end-user completed a form requesting personal and financial information, they were re-directed to the authentic IRS page, according to analysts.

Matt Sergeant, senior anti-spam technologist at MessageLabs, told SCMagazineUS.com today that his company is seeing a high volume of IRS spam because of the wide distribution of botnets.

“I think the major thing [this year] is volume – there's much more this year than the previous year,” he said, describing a 100 percent increase. “It's probably because of the power of the botnets that [spammers] have access to now. The low, cheap prices and the spamming economy let them buy access to botnets at a very low price.”

Late last year, researchers warned email users about phishing messages targeting corporate executives disguised as notifications from the U.S. Treasury Department.

McAfee Avert Labs expert Vinoo Thomas said this month that his firm has captured scams purporting to offer a $375 refund to email users who disclose their personal information and financial details, such as ATM pin numbers.

The phish's corresponding website, first seen by McAfee on Jan. 28, was hosted on a legitimate U.S.-based site without the owner's knowledge, according to the Santa Clara, Calif.-based company.

The IRS, which has dedicated a section of its website to phishing and email scams, warned taxpayers last month to beware of sham emails offering advance payment checks from the federal government.


Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

More in News

Researchers observe more than a hundred connections to 'Backoff' sinkhole

Researchers with Kaspersky Lab were able to sinkhole two command-and-control servers used by certain Backoff point-of-sale malware samples.

Judge lifts stay but Microsoft won't hand over emails during appeal

A judge has lifted a suspension of a previous order compelling Microsoft to hand over customer emails stored on a server in Ireland.

Home Depot investigates possible payment card breach

Home Depot investigates possible payment card breach

Home Depot said on Tuesday that it is working with its banking partners and law enforcement to investigate a possible data breach.