New phishing scam: A criminal gang is in your mailbox

If an IRS warning suddenly pops up in your email, do not – repeat, not – click on the link. Trust me, the government isn’t reaching out to help you. You’re being phished, and not by a garden-variety spammer. You’re hearing from Avalanche, the largest and one of the most sophisticated criminal gangs on the Web.

I got a string of those “urgent” IRS messages this week, claiming that I’d made a paperwork mistake when I paid my tax. The headings read, “LAST NOTICE: We decline your Federal tax payment,” followed by an ID number. Or, “LAST NOTICE: The Identification Number used in the company identification field is not valid.”

The first message gave me pause. Who among us doesn’t hate to hear from the Internal Revenue Service? The email appeared to come from the Electronic Federal Tax Payment System (EFTPS), which is the website you use when paying your income taxes online. I thought for a couple of seconds. Could I have made a tax mistake?

Then good sense took over. The IRS does not get in touch with taxpayers by email. It sends you one of those mean-looking envelopes with a lot of black type in the upper left-hand corner. I wriggled off the phish-hook and hit Delete.

To anyone caught by this scam, the news is bad. International e-crooks have stepped up their game, says Greg Aaron, director of domain security at Afilias, an internet infrastructure company. You’re at even greater risk than you thought.

A traditional phisher wants personal financial information. You might be told that a Federal Express package was misdirected or that there’s a question about your bank account. If you click, you’re sent to a second screen where you’re asked to “update” or “validate” your current data — your credit card number, Social Security number, or the number and password of your bank account. The second half of 2009 saw a record number of unique phishing attacks, reports Aaron, co-author of the Global Phishing Survey sponsored by the internet industry’s Anti-Phishing Working Group. By now, all but the most careless of consumers have caught on and refuse to play.

Hence, the change in tactics. In place of traditional phishing, Avalanche and its copycats have seized on a dangerous piece of malware known as the Zeus banking Trojan. If you click on the link provided by the LAST NOTICE IRS email, you might be taken only to an innocuous information page. You’d read, delete, and move on to something else. During those few moments, however, the malware will zap itself into your machine.

You won’t even know that you’re harboring Zeus. But — like the Dementors in the Harry Potter stories — it’s sucking out your computer’s soul. It grabs the user names and passwords to the bank and mutual fund accounts that you manage online, and logs in to drain them dry. It sweeps up your address book, to spread itself to the computers of your contacts and friends. If you happen to be online with your bank when Zeus pops in, it will show you the real numbers while, in the background, it’s pulling money out.

If Zeus gets lucky, it finds computers with links to the accounts of small businesses, school districts, municipalities, colleges, or other institutions and drains them, too.

Zeus has been around for a while, Aaron says. The basic package costs a few thousand dollars, plus extra for add-ons. What’s new is that Avalanche industrialized it, making it easier to launch thousands of attacks, one after another, to people who don’t know its trick. The LAST NOTICE scam is the least of it.

The Anti-Phishing group has a single message for you. Don’t let your fingers fly over your email messages. Stop and think before you connect to any link. For example: Don’t open any business email that you’re not expecting. If you have a question, call or email the business yourself. Don’t call the number that the questionable email shows; it might misdirect you to the scammer’s line. If you email the business, check the address and type it into the URL line yourself; don’t copy-and-paste the address that the questionable notice shows.

The group offers many more tips here.

On a personal note, I’d suggest that you ignore emailed birthday cards. Two years ago, I opened one that appeared to come from a good friend. Big mistake. My “good friend” started sending streams of porn. It took me more than a year to get the problem under control.


2 comments
Gerry // 10/26/2010 at 11:17 am

I got some of those emails about a year ago, which I promptly forwarded to the IRS unopened. That (or deletion) is the right way to handle these scams, because it is also possible to embed viruses in email that activate when the email is opened. Here’s the IRS site describing IRS-related phishing, along with an email address to which you can forward the item:
http://www.irs.gov/privacy/article/0,,id=179820,00.html

If you go on the Internet at all, including email, you MUST do two things: 1. Back up regularly. Nothing substitutes for a collection of backups. There are times when the only solution to infection is reinstallation of the OS and destruction of all files on the hard drive. 2. Install software that checks the hard drive for viruses, and run that software regularly. Microsoft has a very good one for Windows called Microsoft Security Essentials, and it’s free.

Jane // 10/27/2010 at 1:49 pm

Thanks for the good advice

Jane’s Bio

Jane Bryant Quinn is a nationally known commentator on personal finance, with books and columns read and trusted by millions.