CERT mailing list archives

Current Activity - US Tax Season Phishing Scams and Malware Campaigns

From: Current Activity <us-cert () us-cert gov>
Date: Wed, 16 Mar 2011 11:38:13 -0400
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

US-CERT Current Activity

US Tax Season Phishing Scams and Malware Campaigns

Original release date: March 16, 2011 at 11:32 am
Last revised: March 16, 2011 at 11:32 am


In the past, US-CERT has received reports of an increased number of
phishing scams and malware campaigns that take advantage of the United
States tax season. Due to the upcoming tax deadline, US-CERT reminds
users to remain cautious when receiving unsolicited email that could
be part of a potential phishing scam or malware campaign.

These phishing scams and malware campaigns may include, but are not
limited to, the following:
  * information that refers to a tax refund
  * warnings about unreported or under-reported income
  * offers to assist in filing for a refund
  * details about fake e-file websites

These messages which may appear to be from the IRS, may ask users to
submit personal information via email or may instruct the user to
follow a link to a website that requests personal information or
contains malicious code.

US-CERT encourages users and administrators to take the following
measures to protect themselves from these types of phishing scams and
malware campaigns:
  * Do not follow unsolicited web links in email messages.
  * Maintain up-to-date antivirus software.
  * Refer to the IRS website related to phishing, email, and bogus
    website scams for scam samples and reporting information.
  * Refer to the Recognizing and Avoiding Email Scams (pdf) document
    for more information on avoiding email scams.
  * Refer to the Avoiding Social Engineering and Phishing Attacks
    document for more information on social engineering attacks.
  * Review the Wall Street Journal blog post "Cybercrooks Digging for
    Tax Data" for additional suggestions for protecting against these
    types of attacks.

Relevant Url(s):
<http://blogs.wsj.com/digits/2011/03/11/cybercrooks-digging-for-tax-data/>

<http://www.us-cert.gov/cas/tips/ST04-014.html>

<http://www.us-cert.gov/reading_room/emailscams_0905.pdf>

<http://www.irs.gov/privacy/article/0,,id=179820,00.html?portlet=5>

====
This entry is available at
http://www.us-cert.gov/current/index.html#us_tax_season_phishing_scams1

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iQEVAwUBTYDZVT6pPKYJORa3AQIsHwf/WYMHqWNNzi8UTIvv0BYGsjvudcxyfbmE
px0pC3wIoL5FKZMfcClbumSVMGtyWwDbaL4+JYSHwG/7l8MtPKzhBFz15fdIhFuU
3QJOqM+OipVS4g4l7AGsOSg3Pry0/+p8ISw3YipPe4o9vjn7Aky7Zl2PSfUhmNOW
ONdYwTB7urPWrQLNVio38jKrhkn8uznzUek5PdnY9I8wx6KXiteaF+6qZgzrZE4W
sKMi+zfXxVPZ+tzL+JdEqg7uLpNCXL6npAhc29oDbE98BUQ2mNs5+bx0+g4wCXfA
4ehSUZ7yslhUFnr/npslkCj4XUGfmEOleJHEqHjuPHUx3zTZYS2XKA==
=gP5N
-----END PGP SIGNATURE-----
Current thread:

Current Activity - US Tax Season Phishing Scams and Malware Campaigns Current Activity (Mar 16)