Escaping the phishing net
Sunday, March 26, 2006
It's official. I'm tax scam bait. This showed up in my e-mail on Saturday:
From: Internal Revenue Service
To: DontMessWithTaxes @ gmail.com
Date: Mar 25, 2006 3:33 pm
Subject: receive a tax refund ...
After the last annual calculations of your fiscal activity we have determined that you are eligible to receive a tax refund of $63.80. Please submit the tax refund request and allow us 6-9 days in order to process it.
A refund can be delayed for a variety of reasons. For example submitting invalid records or applying after the deadline.
To access the form for your tax refund, please click here.
Regards,
Internal Revenue Service
The scammers must have done a search of and mass mailing to tax blogs this weekend, because I see that TaxProf also reports getting the very same message on March 25.
Since people tend to take very seriously anything purported to be from the IRS, whether it be for good (a refund) or bad (an audit), the scam is not unexpected. It's not new either.
The IRS has been warning us about fake e-mails for years. You can read the agency's official notice about this particular scam here. Note how the scammers clipped part of this real IRS page's header to make their e-mail look more official.
Unfortunately, this isn't the only attempt by con artists to try to get you to bite on a tax hook. Check out my earlier post on tax time dangers. You also can go directly to this story I wrote on 12 common tax scams, including phake phishing trips.
The main message in all these scam warnings: Never, never ever click a link in a phish e-mail. (I invalidated the "click here" link in the phishing message reproduced above so no one would accidentally hit it.)
A better defense is to simply delete any questionable e-mails without reading them.
But if your curiosity gets the better of you and you just have to see what's inside (like I did; in my defense, I do get several legitimate e-mail newsletters from the agency), just make sure you never ever click a link in the questionable e-mail message.
Great googly moogly Gmail: Kudos to my Gmail account for catching this e-mail scam. The message was automatically directed to my spam folder. I still check the folder to see what junk is floating around cyberspace, but it helps to at least have it put into an e-box that I can manage with one easy stroke of the delete button.
What the Ph? According to Webopedia, "The word phishing comes from the analogy that Internet scammers are using e-mail lures to fish for passwords and financial data from the sea of Internet users. The term was coined in 1996 by hackers who were stealing AOL Internet accounts by scamming passwords from unsuspecting AOL users. Since hackers have a tendency to replace 'f' with 'ph' the term phishing was derived."
Much more about the phishing process here.
Fish-hook-worm image courtesy Speedy Signs decals.