
Sunday, June 10, 2007

The Phishermen keep using the IRS name to hook Phish (Identity Theft Victims)

Phishing has become a huge problem. Criminals (phishermen) spoof (impersonate) a brand or organization that people trust to trick them into giving up their personal or financial information. The information is then used to steal money.

In the more sophisticated attempts, malware (crimeware) that logs keystrokes is dropped on a system, gathering even more personal information without the computer owner's knowledge or consent.


The phishermen have been spoofing the IRS so frequently, the IRS set up a dedicated e-mail address to report activity. The address is phishing@irs.gov (follow the instructions).


The most recent version is a spam e-mail intended to scare a person into thinking they are being investigated. Here is what the IRS site is reporting:


The e-mail purporting to be from IRS Criminal Investigation falsely states that the person is under a criminal probe for submitting a false tax return to the California Franchise Tax Board. The e-mail seeks to entice people to click on a link or open an attachment to learn more information about the complaint against them. The IRS warned people that the e-mail link and attachment is a Trojan Horse that can take over the person’s computer hard drive and allow someone to have remote access to the computer.


Trojan horses are often a gateway to install malware -- sometimes referred to as crimeware -- which often includes keylogging software. The bottom line is that once installed on a computer, they have the ability to steal personal and financial details, from afar, without any additional assistance from you.


All the terms out there get confusing to non-technical people. Some are now saying we should group some of the terms together and call it "grayware." Another term used to group some of this terminology together is "badware."


Similar technology is used for advertising and marketing purposes by legitimate businesses, also. This is often referred to as spyware and adware. The one thing they all have in common is that they are often a nuisance.


The key is to NOT even open the spam e-mails enticing you to click on their links. The best practice is to delete them. These e-mails are generated by the millions, perhaps billions by now, using automated software and botnets (other people's computers that have been taken over).


Spam filters designed to keep them out of your inbox seem to be getting less effective recently.


Botnet owners are known to rent out their networks to other criminals for this purpose.


Sadly enough, the IRS name has been spoofed a lot lately. Here is the extent of it:


Since the establishment of the mail box last year, the IRS has received more than 17,700 e-mails from taxpayers reporting more than 240 separate phishing incidents. To date, investigations by TIGTA have identified host sites in at least 27 different countries, as well as in the United States.

The phishermen often impersonate financial institutions, eBay, PayPal, or government agencies, such as the FBI and Interpol.


The latest alert from the IRS can be seen here.

Friday, May 25, 2007

Google launches security awareness effort using the blogosphere

There is another effort to curb fraud, phishing and financial misdeeds in the blogosphere. This week, Google launched a blog called the "Google Online Security Blog," which is designed to protect their users from the sometimes dangerous (murky) waters on the Internet.

In their own words (from their first post):

Online security is an important topic for Google, our users, and anyone who uses the Internet. The related issues are complex and dynamic and we've been looking for a way to foster discussion on the topic and keep users informed. Thus, we've started this blog where we hope to periodically provide updates on recent trends, interesting findings, and efforts related to online security. Among the issues we'll tackle is malware, which is the subject of our inaugural post.

In this post they discuss "drive-by downloads," which install what I call "cybernasties" on systems, often designed to steal personal or financial details. They point out that Google already warns users of malicious sites in their search results and that users can prevent these sites from loading using Google Desktop Search.

They have also included a link to a paper, which studies this issue.

Since Google (as far as I know) isn't selling security software, the paper is well worth a read. This isn't to say that a lot of the papers published by security companies aren't relevant; it just means that Google's effort isn't designed to sell security software.

They also point out that most of the sites they investigated that download malware (a.k.a. crimeware) belong to webmasters who don't know their sites have been hacked and are being used to compromise systems.

This post was written by Panayiotis Mavrommatis and Niels Provos of Google's Anti Malware team and includes a link to StopBadware.org. StopBadware.org has a lot of great tips on how to protect against and avoid the growing phenomenon of malware (crimeware).

Google's Online Security Blog can be seen here.

I look forward to seeing what else they come out with!

Tuesday, April 10, 2007

Blog exposes risk in reporting ID Theft

(Screenshot courtesy of the In Security Blog)

I'm surprised no one has called this one out before. John Sharp, author of the In Security Blog, writes:

Those of you who follow my blog know that I'm worried about the increasing sophistication of keyloggers. Which is why, when I went on the FTC site this morning, I was a little shocked to discover that the format of the FTC ID Theft Complaint Form presents a veritable gift to keyloggers.

Full post from the In Security Blog (great read), here. There are also some great tips on how to avoid becoming a crimeware victim in the press release on this from Authentium (John's company), here.

John's concerns are well founded. The Anti-Phishing Working Group, which tracks phishing, malware and crimeware (normally keylogger variants), shows their use increasing monthly.

Keyloggers (once on a system) record keystrokes, sending them back to the person who covertly placed the software on the system. Criminals often install (drop) these cybernasties using spam e-mails, which lure people to click on their links.

The information the criminals intend to log (steal) is personal and financial, and it is then used to steal money.


(Chart courtesy of Websense and the APWG)


Sadly enough, keylogging software has so-called legitimate uses and can be legally purchased by anyone. One of the legitimate (so-called) uses is to spy on other people (invade their privacy).

Just about anyone can buy this wonderful technology right on the Internet, which can be seen here. Perhaps if it wasn't so easily available, the problem wouldn't keep getting worse?

The FTC does a lot of good in their battle to fight identity theft. You can get a lot of good information about how not to become a victim by visiting their page on it, here.

Once a computer has been compromised with crimeware (keylogging software), anything entered on it can be logged (exposed). Even if the site you are sending the information to is "secure," your computer IS NOT!

The Internet is full of sites requesting your personal details. The bottom line is to make sure your system is secure or, if it IS NOT, avoid sending personal or financial details anywhere.