#183 April 21, 2006
Between April 18 and April 20, 2006, I delved into investigating several phishing attacks from an individual in Tokyo, Japan, utilizing servers in Argentina to defraud email victims under the guise of the Internal Revenue Service (IRS).
The criminal phisher utilized a known cloaking technique which re-directs the victim through a large online provider, usually Yahoo, to elude detection. Criminals have learned that most spam reporting software does not report Yahoo and that Yahoo takes no action to stop the attack. The link includes a redirect tag to jump over Yahoo and take the victim directly to the phishing site.
Taxpayers Beware of Widespread Phishing Schemes Involving the IRS
From the IRS: Electronic fraud relating to the Internal Revenue Service (IRS) has been escalating in number and sophistication since December 2005.
Phishing, as it is called, is the act of sending an e-mail to a user falsely claiming to be an established legitimate enterprise in an attempt to scam the user into surrendering private information that will be used for identity theft.
The current phishing scheme attempts to convince the users that they are receiving an email from the Internal Revenue Service (IRS) in regards to receiving their refunds via their charge card account.
BEWARE: The IRS does NOT send such emails to taxpayers!
The purpose of phishing is clear -- to defraud financial institutions and their customers out of significant sums of money. Once personal account information is obtained, the identity theft begins and can result in drained savings accounts, new credit accounts being opened, countless online purchases, stock trades and other types of e-commerce transactions in the victim's name.
If you receive a suspicious e-mail that claims to come from the IRS, FORWARD that e-mail to a new IRS mailbox, phishing@irs.gov.
Beware of Widespread Phishing Schemes Involving the IRS
* IRS information and downloadable PDF at: www.ustreas.gov/tigta/contact_report.shtml
* PDF Direct Download phishing_alert_2006.pdf
* Full instructions : www.irs.gov/individuals/article/0%2C%2Cid=155344%2C00.html
This spam promised the victim they can receive their IRS Tax Refund directly into their charge card account:
* The visible link said: click here
* The hidden link goes to: http://rds [dot] yahoo [dot] com/
As you can see in the tracking results from SpamCop:
* Where email originates: 204.2.106.86 or, us.ntt.net
* Network hosting phishing website: http://rds [dot] yahoo.com/_ylt=a0lasv66fntdg.kauojxn... (cc.yahoo-inc.com)
Proof Report: http://www.spamcop.net/sc?id=z924090824z1480c4d5e459332a2289ba75c46021d3z
Once the criminal's cloaking device is removed, and the spam is re-entered, the following results are obtained:
* Where email originates: 204.2.106.86 (us.ntt.net, Tokyo, Japan)
* Network hosting phishing website: http // 200.81.19.229 /irs/refund/caseid1796433/p ... or: millic.com.ar -- Buenos Aires, Argentina
Proof report: http://www.spamcop.net/sc?id=z924092965z4b8cbb14809c29a35bf9f316e11b9018z
* Registrar: LACNIC lacnic.net
* Country: San Isidro, Argentina
* Owner: Millicom Argentina S.A.
* Host: http://www.millic.com.ar
* Nameserver: DNS2.MILLIC.COM.AR
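The un-cloaking step described above, sketched as an added example (this is not SpamCop's code or the tooling used for this column): it pulls the real destination out of a redirector link so that the report names the host actually serving the phishing page. The function name, the `redirector.example` and `phish.example` hosts and the sample links are constructed for illustration, and it assumes the redirector carries the destination as a second absolute URL inside its own path or query.

```python
import re
from urllib.parse import urlsplit, unquote

# Assumption: the destination appears inside the redirector link as an
# absolute URL, either plain or percent-encoded once (http%3a//, https%3A%2F%2F).
_EMBEDDED = re.compile(r"https?(?::|%3a)(?:/|%2f){2}", re.IGNORECASE)


def unwrap_redirect(link, max_hops=5):
    """Follow embedded-URL cloaking offline; no network request is made.

    Returns (host_to_report, final_url, chain), where chain lists every
    URL seen, starting with the link as it appeared in the email.
    """
    chain = [link]
    current = link
    for _ in range(max_hops):  # bound nested redirectors
        parts = urlsplit(current)
        if not parts.scheme or not parts.netloc:
            break
        # Everything after "scheme://host": path, query and fragment.
        tail = current[len(parts.scheme) + 3 + len(parts.netloc):]
        match = _EMBEDDED.search(tail)
        if match is None:
            break  # nothing embedded: this is the real destination
        raw = tail[match.start():]
        if "%" in match.group():
            # An encoded destination in a query ends at the next raw '&'.
            raw = raw.split("&", 1)[0]
        current = unquote(raw)
        chain.append(current)
    return urlsplit(current).hostname, current, chain


# Constructed sample links (documentation address space, not from the column).
CLOAKED = "http://redirector.example/_ylt=TOKEN/**http%3a//203.0.113.10/irs/refund/"
QUERY_STYLE = "https://redirector.example/go?u=https%3A%2F%2Fphish.example%2Flogin&x=1"

if __name__ == "__main__":
    for sample in (CLOAKED, QUERY_STYLE):
        host, final, chain = unwrap_redirect(sample)
        print(f"report {host}: {' -> '.join(chain)}")
```
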
You ask: "How can they do that?"
Answer: Because nobody stops them.
Thanks for reading...
Editor: DTG Magazine and 60-Second Windows contact me!
Here's my log of PHISHING ATTACKS: APRIL 17 through APRIL 20
From | Subject
* Internal Revenue Ser... | Get Tax Refund on your VISA or MasterCard
* Internal Revenue Ser... | Get Tax Refund on your VISA or MasterCard
* Account Service | Chase Manhattan Bank - Service Notification
* Chase | Message from Online Customer Support
* Chase Bank | CONFIRM YOUR CHASE ONLINE PROFILE RECORDS
* Chase Bank | Please Update Your Chase Account
* Chase | Chase Account Verification
* Chase | Chase Account Verification
* security@chase.com | Chase Bank Account is fraudulent and it will be su...
* Chase Security Servi... | Fraud Prevention Measures
* Chase OlineSM | We recommend you to change your Chase OnlineSM acc...
* Chase Online Banking | New Message from Chase Online(SM) Chase
* support@chase.com | Account Update
* Chase Online | Chase Online Customer Survey - Get $20 Reward !
* Chase & JP Morgan Se... | Confirm your Online Banking records
* Jp Morgan Chase | Jp Morgan Chase & CO Credit Card Holders Important...
* JPMoran Chase - Chas... | Fraud Alert
* JPMorgan Chase & Co. | Account Information
* PayPal Security Depa... | Your account access has been limited
* PayPal | Payment sent to sales@sonyvaio.com
* PayPal | IMPORTANT: Notification of Limited Account Access
* PayPal Email ID PP32... | PayPal Email ID PP321
* PayPal | Important Message About Protect Your PayPal Accoun...
* PayPal | IMPORTANT: Notification of limited accounts
* PayPal | Your PayPal Account Information.
* PayPal | IMPORTANT: Notification of limited accounts
* PayPal Team | Your account access has been limited
* PayPal Team | Please update your account untill 19 April 2006
* PayPal | Your payment was sent to sales@sony.com
* PayPal Inc | Notification from Billing Department
* Oregon Community CU | Confirm your Oregon Community CU banking records
* Wells Fargo | Important Online Access Agreement Update!
* eBay Inc. | Question from eBay Member -- Respond Now !!!
* eBay@eBay.com | Service eBay
* eBay | Secure Message Center - Respond Now
* eBay member | Question from michaelwww
60-Second Windows is wholly owned by the Design & Publishing Center, part of Showker Graphic Arts & Design, Harrisonburg VA; in the Shenandoah Valley of Virginia -- Copyright: 1990 through present, All Rights Reserved.