Monday, March 29, 2010

US Tax Season Phishing Scams and Malware Campaigns

US-CERT Current Activity

US Tax Season Phishing Scams and Malware Campaigns

Original release date: March 26, 2010 at 10:21 am
Last revised: March 26, 2010 at 10:21 am


In the past, US-CERT has received reports of an increased number of
phishing scams and malware campaigns that take advantage of the United
States tax season. Due to the upcoming tax deadline, US-CERT reminds
users to remain cautious when receiving unsolicited email that could
be part of a potential phishing scam or malware campaign.

These phishing scams and malware campaigns may include the following:
information that refers to a tax refund, warnings about unreported or
under-reported income, offers to assist in filing for a refund, or
details about fake e-file websites. These messages, which appear to be
from the IRS, may ask users to submit personal information via email
or may instruct the user to follow a link to a website that requests
personal information or contains malicious code.

At this time, US-CERT is aware of public reports indicating that there
is active circulation of a tax season malware campaign. This malware
campaign may be using malicious code commonly known as Zeus or Zbot.

US-CERT encourages users and administrators to take the following
measures to protect themselves from these types of phishing scams and
malware campaigns:
* Do not follow unsolicited web links in email messages.
* Maintain up-to-date antivirus software.
* Refer to the IRS website related to phishing, email, and bogus
website scams for scam samples and reporting information.
* Refer to the Recognizing and Avoiding Email Scams (pdf) document
for more information on avoiding email scams.
* Refer to the Avoiding Social Engineering and Phishing Attacks
document for more information on social engineering attacks.

Relevant Url(s):






====
This entry is available at
http://www.us-cert.gov/current/index.html#us_tax_season_phishing_scams

No comments: