Thieves troll for execs with new Tax Court phish scam
The real U.S. Tax Court warns of 'spear phishing' efforts
May 23, 2008 (Computerworld) Security researchers and the U.S. government today warned of ongoing targeted phishing attacks disguised as overdue tax notices from federal courts.
The attacks take aim at top-level executives, including one who works for security vendor McAfee Inc.
"The e-mails are designed to look like a petition from the Tax Court and are fairly believable," said McAfee researcher Kevin McGhee in a notice posted to the company's Web site. "There's also a legitimate telephone number for the organization, [and] the executive's name is listed as the respondent in a case versus the Commissioner of Internal Revenue."
McGhee included a screenshot of the e-mail received by a McAfee executive; the image showed the "From:" address as ustaxcourt.org.
The legitimate U.S. Tax Court site, ustaxcourt.gov, also warned of the scam on its home page.
"The United States Tax Court has received many telephone calls regarding an e-mail which purports to originate from the Court being sent by a member of the Tax Court's practitioner bar," the warning said. "This message is an example of 'Spear Phishing,' which is an e-mail spoofing attempt that targets a specific organization.
"The Tax Court is not disseminating any e-mail notice to anyone who currently has a case before this Court. If you receive an e-mail with a subject line that includes the text, 'Notice of Deficiency #' or 'US Tax Petition,' ignore/delete the e-mail and do not click any link within the e-mail message," the agency said.
Targeted identity theft attacks — sometimes called spear phishing or whale phishing — aren't new, nor are attacks that pose as legal messages from courts or the U.S. Internal Revenue Service. But such attacks have picked up as of late. Last month, for example, several waves of messages masquerading as notices of federal lawsuits reached recipients.
When users click on the link embedded in the phishing message, they're directed to a fake Tax Court Web site, said another security researcher, where they're asked to upgrade their copy of Microsoft Corp.'s Internet Explorer browser. "By string manipulation, in this case, adding a dash to the actual domain name of the actual site, unknowing users are easily made to believe that the bogus site is legitimate, making them most likely to click on the link," said Jovi Umawing, a researcher at Trend Micro Inc., in a separate warning posted on Friday.
McGhee noted that clicking on the purported IE update link actually downloads and installs malware, including a behind-the-scenes keylogger that records usernames and passwords typed on the PC's keyboard, then transmits that information to the identity thief.
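For mail administrators, the indicators reported above (a sender at ustaxcourt.org rather than ustaxcourt.gov, a dash inserted into the domain name, and the two subject-line strings in the court's warning) can be checked mechanically. The sketch below is an added example, not code from McAfee, Trend Micro or the Tax Court; the sample message, its dashed host name and the function names are constructed for illustration, and it assumes a single-part message with well-formed URLs.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

LEGIT_DOMAIN = "ustaxcourt.gov"   # the real site, per the article
# Subject-line strings quoted in the Tax Court's warning.
SUBJECT_MARKERS = ("notice of deficiency #", "us tax petition")
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)

def classify_domain(host, legit=LEGIT_DOMAIN):
    """Return 'legit', 'lookalike' or 'other' for a host name."""
    host = host.lower().rstrip(".")
    if host == legit or host.endswith("." + legit):
        return "legit"
    legit_label = legit.rsplit(".", 1)[0]            # "ustaxcourt"
    # A label equal to the legitimate one once dashes are dropped covers
    # both the swapped TLD (.org) and the dash-insertion trick.
    if any(l.replace("-", "") == legit_label for l in host.split(".")):
        return "lookalike"
    return "other"

def triage(raw_message):
    """List (reason, value) findings for one single-part RFC 5322 message."""
    msg = message_from_string(raw_message)
    findings = []
    sender_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    if classify_domain(sender_domain) == "lookalike":
        findings.append(("from-lookalike", sender_domain))
    subject = msg.get("Subject", "").lower()
    findings += [("subject-marker", m) for m in SUBJECT_MARKERS if m in subject]
    for url in URL_RE.findall(msg.get_payload()):
        host = urlparse(url).hostname or ""
        if classify_domain(host) == "lookalike":
            findings.append(("link-lookalike", host))
    return findings

# Constructed sample; the dashed host and the addresses are made up.
SAMPLE = (
    'From: "United States Tax Court" <notice@ustaxcourt.org>\n'
    "Subject: US Tax Petition - Notice of Deficiency #0000\n"
    "\n"
    "Review the petition: http://www.us-taxcourt.example/petition\n"
    "Court home page: http://www.ustaxcourt.gov/\n"
)

if __name__ == "__main__":
    for reason, value in triage(SAMPLE):
        print(reason, value)
```

The link to the genuine ustaxcourt.gov site in the sample is not flagged, which is the point of classifying hosts rather than matching on the string "ustaxcourt" alone.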