Phishers Promise IRS Refund

A new phishing scam is going around in an e-mail telling people they are eligible for a tax refund from the Internal Revenue Service in the amount of $571, according to an alert posted by Abingdon, England-based antivirus software maker Sophos. The most interesting thing about this scam is that it actually redirects victims through a real U.S. government Web site.

This particular scam takes advantage of a URL-forwarding functionality built into, a Web site that President Bush urged citizens just weeks ago to visit as a one-stop shop for hurricane victims seeking government aid.

Most phishing e-mails urge recipients to click on a link that then takes them to a counterfeit site mimicking that of the supposed sender. This scam tries to look more legit by asking users to visit the fake IRS site by cutting and pasting the included link into a Web browser.

Even if the user manually types out the link in their Web browser address bar, they will still be sent to the GovBenefits site, which then dutifully forwards the user on to the phishers' fake IRS site. (The redirection only happens if you use the address from the e-mail. Entering the basic address -- -- will still get you to the legitimate site.)
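A check a mail filter could run for the forwarding pattern described above, as an added example that is not part of the original article: it flags links whose query string carries a destination on a different host than the one the link appears to belong to. The hostnames, the parameter names and the `offsite_redirects` function are constructed for illustration, since the real addresses are not given on this page.

```python
from urllib.parse import parse_qsl, unquote, urlsplit


def _host(value):
    """Hostname if value is an absolute or scheme-relative http(s) URL, else None."""
    # Browsers treat "\" like "/", so normalise before parsing.
    text = value.strip().replace("\\", "/")
    try:
        parts = urlsplit(text)
    except ValueError:  # e.g. malformed IPv6 literal
        return None
    if parts.hostname and parts.scheme.lower() in ("", "http", "https"):
        return parts.hostname.lower()
    return None


def _same_site(a, b):
    # Simplification: no public-suffix list; a leading "www." is treated as optional.
    a = a[4:] if a.startswith("www.") else a
    b = b[4:] if b.startswith("www.") else b
    return a == b or a.endswith("." + b) or b.endswith("." + a)


def offsite_redirects(link, max_depth=3):
    """Return (parameter, destination host) pairs for query values that
    point at a host other than the one the link appears to belong to."""
    outer = _host(link)
    if outer is None:
        return []
    findings = []
    for name, value in parse_qsl(urlsplit(link).query, keep_blank_values=True):
        candidate = value  # parse_qsl has already percent-decoded once
        for _ in range(max_depth):  # peel repeated percent-encoding
            inner = _host(candidate)
            if inner and not _same_site(inner, outer):
                findings.append((name, inner))
                break
            decoded = unquote(candidate)
            if decoded == candidate:
                break
            candidate = decoded
    return findings


if __name__ == "__main__":
    # Constructed sample link, not the address used in the scam.
    sample = "http://www.benefits.example/go?lang=en&url=http://irs-refund.example/claim"
    print(offsite_redirects(sample))
```

A hit means only that the visible hostname is not where the browser ends up; the same test applied on the server side, before issuing the redirect, is what closes the forwarding hole.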

"This is a pretty clever scam," said Graham Cluley, senior technology consultant at Sophos. "A lot of people have learned to be nervous about clicking on links, so people may think that by typing in or pasting the link they will be safer, when of course that's not the case."

The message (which you can read here) says users have 12 days to claim their refund, saying the refund check may have been delayed because of a Social Security number mismatch or because the taxpayer forgot to electronically sign their return. The real "tell" here, though, is that the site asks for your Social Security and credit card numbers.

By Brian Krebs  |  November 30, 2005; 11:50 AM ET
Categories:  Latest Warnings  


These things redirect to a specific page on a specific website... how difficult is it to shut down and prosecute those running these scams?

Posted by: corbett | November 30, 2005 2:38 PM | Report abuse
