Spammers Take Advantage of the Tax Season

Spammers are continuing to use the oldest trick in the book - social engineering - to try to get you to be part of their plan. The US CERT (Computer Emergency Readiness Team) has released a number of advisories over the last few weeks on recent Spammer tricks of impersonating someone trusted like the tax department or a trusted news source to get you to click on a one of their web links.

Here are some recent samples:

IRS Rebate Phishing Scam

• www.us-cert.gov/current/archive/2008/04/25/archive.html#irs_rebate_phishing_scam
• www.us-cert.gov/current/archive/2008/03/31/archive.html#internal_revenue_service_tax_scams
  

Federal Subpoena Spear-Phishing Attack

• www.us-cert.gov/current/archive/2008/04/25/archive.html#federal_subpoena_email_scam

Radiation Leak - from a trusted news source

• www.us-cert.gov/current/archive/2008/04/11/archive.html#email_attack_circulating

The text included with the links the Spammers send may make your pulse race (I can get my Tax rebate now!) and thus they try to get the emotional part of you to take control of your mouse before the logical part of your brain (This sounds fishy - better be safe and delete this message or call them direct to confirm) kicks in.

Guess what? - By clicking on the link you played right into the Spammer's plan and you either filled in a form (Phishing) and gave them information they can use to steal your identity or money or your computer got infected and is now playing it's part in sending out Spam.

How do you keep yourself safe while on the Internet?

Install and use a good anti-virus / anti-malware product and keep it up to date.

Take the time - once in a month at least - to do a full update for security patches and then do a full anti-virus / anti-malware scan of your computer.

Use some reputable online scans to double check on your Anti-Virus.

F-Secure Health Check Online scanner

• www.f-secure.com/healthcheck/

Panda Active Scan

• www.pandasecurity.com/canada-eng/homeusers/solutions/activescan/default.htm?track=80383

Kaspersky

• http://usa.kaspersky.com/products_services/free-virus-scanner.php

Secunia's Online Scanner (checks to confirm your software is up-to-date)

• http://secunia.com/software_inspector/

(Warning - These companies use these online services to try and sell you on their products - you may have to provide an e-mail address to start one or more of these services so you may get marketing related messages after using these services)

At work you will want to use a higher-end firewall (such as a firewall from Fortinet or Secure Computing) or a dedicated web filter appliance (from Barracuda Networks) with a second layer of anti-virus / anti-malware / web content filtering between your computers and the Internet.

Spammers are the problem but we have to do our best to be part of the solution!

- Shaun