A spam e-mail message has been sent around the world telling people they are eligible for a $571.94 tax refund from the IRS. The e-mail offers a link to a fraudulent IRS Web site, but the link actually goes through a legitimate government Web site that only last month was promoted by President Bush. "This is more advanced than the typical phish, because the Web link really does--at first--take you to the real tax benefit Web site," said Graham Cluley, senior technology consultant for U.K. security vendor Sophos. "Unfortunately the way the government Web site has been configured allows the phishers to bounce the unwary in their direction." The link in the phishing e-mail goes to a forged IRS Web site that asks for a Social Security number, tax return filing code and credit card details including security code and PIN. The scam takes advantage of a so-called open redirect on the GovBenefits.gov Web site. This open redirect lets anyone craft a link that to the untrained eye looks like it goes to the government site, but actually goes elsewhere on the Web. The following link, for example, goes to CNET News.com: http://www.govbenefits.gov/govbenefits/externalLink.jhtml?url=http://www.news.com. The government is aware of the issue and is working to fix it, a representative of the Department of Labor said Wednesday. The department manages the GovBenefits.gov Web site. The site is a collaborative effort of 16 federal agencies to increase access to government information and is part of the president's e-government initiative.
Phishers use IRS tax refund as bait... |