Tax Rebates Spawn New School of Phishing

Social engineering ploy tricks computer users into divulging personal information that cybercriminals use to bilk unwary taxpayers.

The Bush administration's economic-stimulus tax rebate program,under which the Internal Revenue Service is issuing taxpayerspayments of as much as $1,200, has given rise to a new wave ofphishing scams, according to a new FBI notice.

The scams rely on a technique known as social engineering totrick computer users into divulging personal information that thecybercriminals or their customers can use to bilk unwarytaxpayers.

The new phishing scams use spam e-mails to gull prospectiverefund recipients into providing their bank account information andother personally identifiable data via a fraudulent form that isattached to the original message by a hyperlink.

“To convince consumers to reply, the e-mail warns that afailure to complete the form in a timely manner will delay theissuance of the rebate check,” the bureau said in awarning.

The bureau urged people to use caution when dealing with e-mailfrom unknown senders, repeating the frequently heard warning thatsuch electronic messages often include malware. The FBI notice alsoincluded examples of the types of deceptive wording the phishinge-mails have used.

The latest FBI warning about the online flood of fraudulent taxrefund e-mails comes on the heels of a rising tide of IRS-relatedonline fraud, as reported by GCN. The recent notice followsearlier warnings on the same topic by MX Logic,which predicted the fraud tactic earlier this year.

The bureau's fraud notice also echoes IRS' own anti-phishingwarnings and actions against IRS spoof sites. The IRS recently stated that the number of bogus IRSsites has increased twelvefold this year over last year.

-- William Jackson