Phishers Play on IRS Web Site
Thieves are exploiting the fear of Uncle Sam's most notorious agency.
The phishers are taking advantage of an apparent security configuration error on the real IRS Web site that redirects visitors to a bogus Web site, according to Sophos Labs.
The scam tells users to cut-and-paste the link into their Web browsers instead of clicking on it to avoid refund problems down the road. Because the link uses the genuine domain name of the actual government Web site, users are more likely to be duped into following the phishers' instructions.
"This phish tells the user that the IRS owes them several hundred dollars and offers a Web link from which they can allegedly claim the tax refund," Graham Cluley, senior technology consultant at Sophos, wrote in a warning posted on the firm's Web site.
However, the link in the e-mail bounces the user off a U.S. government Web site onto a site operated by the criminals, who then proceed to steal credit card details, Social Security numbers and other personal information, according to Cluley.