Thursday, March 25, 2010

Red Condor Warns of IRS Underreported Income Notice Spam


Email security experts at Red Condor have issued a warning for a new blended email threat that once again spoofs the Internal Revenue Service. The text-based email, which has a variety of subject lines, such as “the CP2000 notice (Underreported Income Notice),” is asking recipients to “review your tax statement on Internal Revenue Service (IRS) website.” When someone clicks on the link, they are taken to a landing page that includes the IRS header, as well as a link to the IRS Privacy Policy. On the landing page, visitors are asked to “Please review (download and execute) your tax statement.” The link on the page actually installs a version of the Zbot Trojan, which hides itself on compromised computers and allows remote attackers to steal bank-related information, log-in details and other personal data. This campaign is being sent from a botnet, has a moderate to high volume, and more than 2,000 unique sending IP addresses. A similar campaign was blocked in the fall of 2009. 

“Given its familiarity with so many people, the IRS is a common target, especially during this time of the year as consumers and businesses are getting ready for tax season,” said Dr. Tom Steding, president and CEO of Red Condor. “In addition, many people fear the IRS, and an email with the subject line containing underreported income does catch people’s attention. Unfortunately, because the email appears to come from the federal government, they may be more likely to follow the instructions in the email. And it doesn’t take very many people clicking on the links for the spammers to profit from the campaign.”   

As with past IRS spam warnings, the IRS has made it very clear that it does not communicate with individual taxpayers via email, so any email with the IRS’ brand on it is likely going to be a scam and should be forwarded to the IRS at phishing@irs.gov and then deleted. 

This campaign was detected by Red Condor’s Spam Trigger filter, which quickly identifies spam and phishing campaigns before they penetrate users’ networks. Once identified, the campaigns are quarantined and reviewed as rules are written and automatically distributed to Red Condor’s antispam appliance and Hosted Service customers. 

Visit http://www.redcondor.com/resources/whitepapers/new-threa ... to download Red Condor's white paper on emerging email threats.

Sourec: http://www.prlog.org/10594525-red-condor-warns-of-irs-underreported-income-notice-spam.html

No comments:

Post a Comment