Websense Security Labs reported that it has seen a sharp hike in phishing attacks via fraudulent emails and websites that spoof the Internal Revenue Service (IRS) since the end of last year. The firm reported uncovering phishing scams targeting U.S. citizens that originate on compromised servers in several countries outside of the U.S.
Recent trends indicate that by just visiting a website, many types of phishing URLs can install spyware, such as malicious keyloggers, which have the ability to capture data - including network passwords or social security numbers - without users' knowledge.
It only takes one employee to click on a phishing site and accidentally give out confidential corporate data, customer records, network passwords or trade secrets to jeopardize an entire organizations' intellectual property, Websense warned.
"Cyber thieves sit back and wait for current events such as tax season which provide an opportunity to manipulate the web for monetary rewards," said Dan Hubbard, senior director for security and technology research, Websense. "With tens of millions of online users filing their taxes on the internet, many web filers readily disclose personal identifiers such as network passwords, social security numbers, bank account numbers or their mother's maiden name. The combination of having a large pool of potential users to target and the timeliness of the current event could lead to high numbers of both consumer and corporate victims."
According to the IRS, 68.5 million tax returns were electronically filed in 2005, and that number is expected to increase at a record pace this year. The IRS also expects fraud attempts to rise and has published its own warnings in an attempt to educate the public on these scams.
According to the IRS website, fraudulent emails appearing to come from email@example.com, firstname.lastname@example.org or other similar irs.gov themed addresses offer a tax refund and direct recipients to a link contained in the email. The link directs users to a clone of the IRS website that is modified to ask for personal and financial information not required by the real IRS page.
According to Websense, many of these bogus sites have similar characteristics in their URL paths and include /IRS/claimrefund/caseid or www[dot]irs[dot]gov in the path.