TAXPAYER ALERT: The Internal Revenue Service
UGN Crime Trackers issue this alert based on criminal phishing attacks in the past two days spoofing official IRS tax refunds. PLEASE READ AND SHARE
...
Between April 18 and April 20, 2006, UGN Crime Trackers have tracked several phishing attacks from an individual in Tokyo, Japan, utilizing servers in Argentina to defraud email victims under the guise of the Internal Revenue Service (IRS).
The criminal phisher utilized a known cloaking technique which re-directs the victim through a large online provider, usually Yahoo, to elude detection. Criminals have learned that most spam reporting software does not report Yahoo and that Yahoo takes no action to stop the attack. The link includes a redirect tag to jump over Yahoo and take the victim directly to the phishing site.
Taxpayers Beware of Widespread Phishing Schemes Involving the IRS
From the IRS: Electronic fraud relating to the Internal Revenue Service (IRS) has been escalating in number and sophistication since December 2005.
Phishing, as it is called, is the act of sending an e-mail to a user falsely claiming to be an established legitimate enterprise in an attempt to scam the user into surrendering private information that will be used for identity theft.
The current phishing scheme attempts to convince the users that they are receiving an email from the Internal Revenue Service (IRS) in regards to receiving their refunds via their charge card account.
BEWARE: The IRS does NOT send such emails to taxpayers!
The purpose of phishing is clear – to defraud financial institutions and their customers out of significant sums of money. Once personal account information is obtained, the identity theft begins and can result in drained savings accounts, new credit accounts being opened, countless online purchases, stock trades and other types of e-commerce transactions in the victim’s name.
If you receive a suspicious e-mail that claims to come from the IRS, FORWARD that e-mail to a new IRS mailbox, phishing@irs.gov.
Beware of Widespread Phishing Schemes Involving the IRS
IRS information and downloadable PDF at:
* www.ustreas.gov/tigta/contact_report.shtml
PDF Direct Download
* phishing_alert_2006.pdf
Full instructions :
* www.irs.gov/individuals/article/0%2C%2Cid=155344%2C00.html
UGN Crime Trackers Report #924090824:
This spam promised the victim they can receive their IRS Tax Refund directly into their charge card account:
The visible Link said: click here
The hidden Link goes to:
http://rds [dot] yahoo [dot] com/_ylt=A0LaSV66fNtDg.kAUoJXNyoA;_yluX3oDMTE2ZHVuZ3E3BGNvbG8DdwRsA1dTMQRwb3MDMwRzZWMDc3IEdnRpZANGNjU1Xzc1/SIG=148vsd1jp/EXP1138544186/**http%3a//200 [dot] 81 [dot] 19 [dot] 229/IRS/refund/caseid1796433/pas [dot] php?certegy_vmtrueportlet_change_1_actionOverrideFchaseonlineFchangeFsigninDetails_windowLabel_portlet_signin_pageLabel_page_signin
As you can see in the tracking results from SpamCop:
* Where email originates: 204.2.106.86 or, us.ntt.net
* Network hosting phishing website:
http://rds [dot] yahoo.com/_ylt=a0lasv66fntdg.kauojxn... (cc.yahoo-inc.com)
Proof Report: http://www.spamcop.net/sc?id=z924090824z1480c4d5e459332a2289ba75c46021d3z
Once the criminal's cloaking device is removed, and the spam is re-entered, the following results are obtained:
* Where email originates: 204.2.106.86 (us.ntt.net, Tokyo, Japan)
* Network hosting phishing website:
http // 200.81.19.229 /irs/refund/caseid1796433/p
... or: millic.com.ar -- Buenos Aires, Argentina
Proof report:
http://www.spamcop.net/sc?id=z924092965z4b8cbb14809c29a35bf9f316e11b9018z
Registrar: LACNIC lacnic.net
Country: San Isidro, Argentina
Owner: Millicom Argentina S.A.
Host: http://www.millic.com.ar
Nameserver: DNS2.MILLIC.COM.AR
PHISHING ATTACKS:
APRIL 17 through APRIL 20
Internal Revenue Ser... Get Tax Refund on your VISA or MasterCard
Internal Revenue Ser... Get Tax Refund on your VISA or MasterCard
Account Service Chase Manhattan Bank - Service Notification
Chase Message from Online Customer Support
Chase Bank CONFIRM YOUR CHASE ONLINE PROFILE RECORDS
Chase Bank Please Update Your Chase Account
Chase Chase Account Verification
Chase Chase Account Verification
security@chase.com Chase Bank Account is fraudulent and it will be su...
Chase Security Servi... Fraud Prevention Measures
Chase OlineSM We recommend you to change your Chase OnlineSM acc...
Chase Online Banking New Message from Chase Online(SM)
Chase support@chase.com Account Update
Chase Online Chase Online Customer Survey - Get $20 Reward !
Chase & JP Morgan Se... Confirm your Online Banking records
Jp Morgan Chase Jp Morgan Chase & CO Credit Card Holders Important...
JPMoran Chase - Chas... Fraud Alert
JPMorgan Chase & Co. Account Information
PayPal Security Depa... Your account access has been limited
PayPal Payment sent to sales@sonyvaio.com
PayPal IMPORTANT: Notification of Limited Account Access
PayPal Email ID PP32... PayPal Email ID PP321
PayPal Important Message About Protect Your PayPal Accoun...
PayPal IMPORTANT: Notification of limited accounts
PayPal Your PayPal Account Information.
PayPal IMPORTANT: Notification of limited accounts
PayPal Team Your account access has been limited
PayPal Team Please update your account untill 19 April 2006
PayPal Your payment was sent to sales@sony.com
PayPal Inc Notification from Billing Department
Oregon Community CU Confirm your Oregon Community CU banking records
Wells Fargo Important Online Access Agreement Update!
eBay Inc. Question from eBay Member -- Respond Now !!!
eBay@eBay.com Service eBay
eBay Secure Message Center - Respond Now
eBay member Question from michaelwww
