In computer news this week March 24, 2009

 

Here come the tax phishing emails ....

 

As the date approaches of one of the two only certain things in life – death and taxes – the proximity of April 15^th  will spawn millions of phishing emails in advance and after that date. trying to steal computer users identities and empty their bank accounts.

 

As a defense you need a good browser that will warn you of a phishing email – I use Firefox 3 which immediately caught it, but in fairness I have to say so did IE 7 – and you need to be aware of how these scams work and how to do some detecting on your own.

 

I received an email in my outlook this morning supposedly from the IRS telling me that I had a refund of  $189.60 due to me, and all I had to do was click on a link in this email to have this sent to me.

 

First obvious problem is that it said it was a refund under section 501 C3 – meaning for non-profit corporations. I and most small business are struggling in this recession not to be non-profits, but I knew at a glance that I am not a non-profit corporation and that this was a phishing email.

 

 

 

Knowing that Firefox protects me from these scams, I clicked on the link and immediately the Firefox warning screen came up that this was a known phishing site, and to avoid it.

 

 

 

Just looking at the email in outlook, the subject line said that it was a notice from the Department of the Treasury, and when I opened the email it said it was from Internal Revenue Service, and it showed a website of www.irs-usa.com , which might look legitimate to some people.

 

Except the IRS’s website ishttp://www.irs.gov – a government site, not a commercial site, so this was another warning sign about this email.

 

I wanted to know a little more about this email, so in Outlook I right-clicked on the email to reveal the email headers, which can tell you quite a bit about where an email comes from, and what is forged. and these headers revealed a lot of forgeries. Outlook doesn’t say they are forgeries – you have to figure that out for yourself.

 

 

 

 

I also wondered what a somewhat unaware person might do if they thought that this might be a phishing email, but they were computer-savvy enough to do a who-is search on the website name.

 

You can do a who-is search by going to any of hundreds of internet registrar websites, and I generally use www.godaddy.com , which revealed that www.irs-usa.com actually is a legitimate website, and I’m sure the owner didn’t know his site name had been stolen by a phisher until he started getting overloaded with irate emails blaming him for all the problems. Maybe that’s a problem you might anticipate when you apply for a website name that’s very similar to another website. In fact, spammers do that all the time.

 

 

 

So the more you know about phishing emails, they better you can protect yourself.

 

To see a transcript of this show with picture examples of everything I’ve said, you can read this on my website of  Raw Bytes Website  http://www.mtamicro.com/kpbx.html

 

For Raw Bytes

 

This is Frank Delaney

(C) 2009 MTA Micro Technology Associates

http://www.mtamicro.com/kpbx.html

PO Box 31522 Spokane, Wa 99223-1522

(509)624-7230

mailto:frank@mtamicro.com