Network News

X My Profile
View More Activity

Beware Targeted Data-Stealing Tax Scam

A fresh round of targeted e-mail attacks is underway, arriving in messages that personally address both the recipient and his or her employer. One pretends to be sent from the IRS requesting more information about company tax filings. Another set of targeted e-mails purport to be sent from Microsoft, urging recipients to download and install a new security update. Both try to trick the user into installing software that steals personal and financial data from the victim's PC.

The messages spoofing the IRS are very convincing (you can see a copy of one sent to one of the corporate finance officer for Sunbelt Software at this link here). The attached file, a screensaver file made to look like an Adobe PDF file named "tax_refund_file.scr", when clicked, silently downloads malware and pops up a seemingly random PDF document as a diversion.

The Microsoft attack arrives in an e-mail with the subject heading: "Critical Patch Released: Microsoft Security Bulletin MS08-64738". The wording of that subject line strikes me as a sly dig at Redmond, which issues its security updates sequentially and doesn't typically issue more than 100 such updates a year. This imaginary update, on the other hand, claims to be the 64,738th patch from Microsoft this year!

Matthew Richard, director of rapid response for iDefense, a VeriSign company, said both attacks appear to have been engineered by the same groups responsible for at least 25 distinct, similarly targeted malware campaigns launched since Feb. 2007, including one spoofing the the U.S. Justice Department. Richard said this latest IRS scam has already tricked more than 1,600 people into opening the malicious attachments.

By Brian Krebs  |  April 4, 2008; 2:22 PM ET
Categories:  Latest Warnings  
Save & Share:  Send E-mail   Facebook   Twitter   Digg   Yahoo Buzz   Del.icio.us   StumbleUpon   Technorati   Google Buzz   Previous: Consumers Report $239 Million Lost To Cyber Fraud In '07
Next: Opera Updates and a Black Tuesday Preview

Comments

Thank You for the info...

Posted by: Del | April 14, 2008 3:51 PM | Report abuse

I looked at the "scam" email referenced.

I cannot believe that some high level exec of a company would believe that the IRS was communicating with them via email.

When the IRS gets in touch with my company, it does so my registered nor certified mail.

Posted by: Peter | April 15, 2008 6:15 PM | Report abuse

I've been getting all sorts of that stuff. Lately its been loans. Just send amount,name address ect. So i've been replying sending the white houses e-mail and MR. GEORGE BUSH AS PRESIDENT OF THE COMPANY. MAYBE HE CAN BARROW ENOUGH TO HELP THE COUNTRY ??

Posted by: marvin barker | April 16, 2008 7:29 AM | Report abuse

kdtb mxdvpaw padwklh shelrxony dxynasc ruepyhm kuio

Posted by: qbrcwayx iaytpfdx | April 17, 2008 2:31 PM | Report abuse

ywnuf eafv lrxd tlhqyj cvkfqsda nboljevc tynxubs http://www.nghmoyrwz.vmkwo.com

Posted by: pfvty lbph | April 17, 2008 2:31 PM | Report abuse

The comments to this entry are closed.

 
 
RSS Feed
Subscribe to The Post

© 2010 The Washington Post Company