Tuesday, January 19, 2016

Open Season on ID Theft

It's that time of year again, tax time for the US and UK. Scammers keep track of the dates, too, and they've rolled out their 2015 tax year-themed malware and identity theft campaigns.

So how do they trick victims? The most common method is phishing. Here's an example making the rounds:


Clicking on the link takes the victim to a page that looks similar to this:


There are several hints that neither the email above nor the purported IRS page are legitimate. First and foremost, according to the IRS, they won't "initiate contact with taxpayers by email, text messages or social media channels to request personal or financial information. This includes requests for PIN numbers, passwords or similar access information for credit cards, banks or other financial accounts."

Next, take a closer look at the URL:


Notice the domain name, "executiva.net." It should be obvious that the IRS web pages are all hosted on irs.gov.

Another clue in the URL is something we see often in phishing pages, the presence of multiple top level domains (TLDs). In this case, we see both ".com" and ".net." Without going too far into the technical weeds, a domain's TLD is the root of its home on the Internet where browsers or other Internet-connected devices can find it. While a domain can be registered with multiple TLDs,- such domain.com, domain.net, domain.org, etc. - each will reside on separate websites in order to route properly with each root TLD serving as a guide. There can be only one at a time.

So what can you do to protect yourself this (and every) tax season?

1) As mentioned in previous posts, I'm a fan of security freezes. It can be a hassle but a one-hour investment of your time buys you a lifetime of peace of mind.

2) Never click on links in emails. Period. Too many online companies have trained us all to click but it's safer to type in the web address yourself to ensure that you land where you expect to land.

3) Hover your mouse over hyperlinks in email. In all browsers that I can think of, this reveals the full and true address associated with the link. In phishing emails, you'll notice mismatches between what you expect to see and the real address.

4) Report phishing attempts to the IRS. They have great information and guidance, along with appropriate reporting email addresses, here: https://www.irs.gov/uac/Report-Phishing


No comments:

Post a Comment