Content

Tech thieves target the taxed

As the April 15 annual tax deadline approaches, cyber fraudsters are ramping up attacks against online American tax filers to steal confidential information, security experts warned today.

Websense Security Labs reported that it has seen a sharp hike in phishing attacks via fraudulent emails and websites that spoof the Internal Revenue Service (IRS) since the end of last year. The firm reported uncovering phishing scams targeting U.S. citizens that originate on compromised servers in several countries outside of the U.S.

Recent trends indicate that by just visiting a website, many types of phishing URLs can install spyware, such as malicious keyloggers, which have the ability to capture data - including network passwords or social security numbers - without users' knowledge.

It only takes one employee to click on a phishing site and accidentally give out confidential corporate data, customer records, network passwords or trade secrets to jeopardize an entire organizations' intellectual property, Websense warned.

"Cyber thieves sit back and wait for current events such as tax season which provide an opportunity to manipulate the web for monetary rewards," said Dan Hubbard, senior director for security and technology research, Websense. "With tens of millions of online users filing their taxes on the internet, many web filers readily disclose personal identifiers such as network passwords, social security numbers, bank account numbers or their mother's maiden name. The combination of having a large pool of potential users to target and the timeliness of the current event could lead to high numbers of both consumer and corporate victims."

According to the IRS, 68.5 million tax returns were electronically filed in 2005, and that number is expected to increase at a record pace this year. The IRS also expects fraud attempts to rise and has published its own warnings in an attempt to educate the public on these scams.

According to the IRS website, fraudulent emails appearing to come from [email protected], [email protected] or other similar irs.gov themed addresses offer a tax refund and direct recipients to a link contained in the email. The link directs users to a clone of the IRS website that is modified to ask for personal and financial information not required by the real IRS page.

According to Websense, many of these bogus sites have similar characteristics in their URL paths and include /IRS/claimrefund/caseid or www[dot]irs[dot]gov in the path.

Related

DevSecOps Scanning Challenges & Tips

There are many ways to do DevSecOps, and each organization — each security team, even — uses a different approach. Questions such as how many environments you have and the frequency of deployment of those environments are important in understanding how to integrate a security scanner into your DevSecOps machinery. The ultimate goal is speed […]

It Should Be ‘Cybersecurity Culture Month’

It’s Cybersecurity Awareness Month, but security awareness is about much more than just dedicating a month to a few activities. Security awareness is a journey, requiring motivation along the way. And culture. Especially culture.That’s the point Proofpoint Cybersecurity Evangelist Brian Reed drove home in a recent appearance on Business Security Weekly.“If your security awareness program […]

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.