Monday, September 28, 2009

Cybercriminals use fake IRS emails to steal on-line banking credentials

What's happening: US-CERT has issued an alert stating: "attacks arrive via an unsolicited email message and may contain a subject line of 'Notice of Underreported Income.' These messages may contain a link or attachment. If users click on this link or open the attachment, they may be infected with malicious code" designed to steal bank account credentials.

What it means: Users who fall for this scam are (1) giving control of their computers to cybercriminals and (2) exposing their organizations to online bank fraud.

What to do: Continue training users not to fall for phishing attacks. Take all the other steps to protect yourself from online bank theft that we've already discussed. Strongly consider replacing your current anti-virus / anti-spyware product with an intrusion detection / prevention solution.
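One way to use the subject line quoted in the US-CERT alert when sweeping mailboxes or filtering at a gateway, as an added example that is not part of the original post or the alert. The function name `triage`, the `quarantine` field and the three sample messages are constructed for illustration.

```python
import re
from email import message_from_string, policy

ALERT_SUBJECT = "notice of underreported income"  # subject quoted in the US-CERT alert
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)

def triage(raw_message):
    """Flag a raw message that carries the alert's subject plus a link or attachment."""
    msg = message_from_string(raw_message, policy=policy.default)
    # policy.default decodes RFC 2047 encoded-words; split/join collapses extra spaces.
    subject = " ".join(str(msg["Subject"] or "").split())
    subject_hit = ALERT_SUBJECT in subject.lower()
    links, attachments = [], []
    for part in msg.walk():
        if part.is_multipart():
            continue
        if part.is_attachment():
            attachments.append(part.get_filename() or "(unnamed)")
        elif part.get_content_maintype() == "text":
            links.extend(URL_RE.findall(part.get_content()))
    return {"subject_hit": subject_hit, "links": links, "attachments": attachments,
            "quarantine": subject_hit and bool(links or attachments)}

# Constructed sample messages (not real traffic); all hosts use reserved .example names.
SAMPLE_LINK = (
    "From: auditor@irs.example\n"
    "Subject: =?utf-8?Q?Notice_of_Underreported_Income?=\n"
    "Content-Type: text/plain; charset=utf-8\n\n"
    "Review your statement: http://tax-review.example/statement\n")
SAMPLE_ATTACHMENT = (
    "From: auditor@irs.example\n"
    "Subject: NOTICE OF  UNDERREPORTED INCOME\n"
    "MIME-Version: 1.0\n"
    'Content-Type: multipart/mixed; boundary="b1"\n\n'
    "--b1\nContent-Type: text/plain\n\nSee the attached statement.\n"
    "--b1\nContent-Type: application/zip\n"
    'Content-Disposition: attachment; filename="tax-statement.zip"\n'
    "Content-Transfer-Encoding: base64\n\nAAAA\n--b1--\n")
SAMPLE_BENIGN = (
    "From: colleague@corp.example\nSubject: Lunch on Friday\n"
    "Content-Type: text/plain\n\nMenu: http://intranet.example/menu\n")

if __name__ == "__main__":
    for name in ("SAMPLE_LINK", "SAMPLE_ATTACHMENT", "SAMPLE_BENIGN"):
        print(name, triage(globals()[name]))
```

A subject match is a weak indicator on its own because senders can change the wording, so treat a hit as a reason to hold the message for review rather than as proof.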

**********************************
From Brian Krebs; Washington Post: New IRS Scam E-mail Could Be Costly

The Department of Homeland Security's Computer Emergency Readiness Team is warning Internet users to be on guard against a convincing e-mail virus scam disguised as a message from auditors at the Internal Revenue Service. According to one victim interviewed by Security Fix, falling for the ruse could cost you or your employer tens of thousands of dollars.

http://voices.washingtonpost.com/securityfix/2009/09/irs_scam_e-mail_could_be_costl.html