Legitimate government site directs to phishing

Date: December 07, 2005
Source: Business Week
By: Sonja Ryst

Scam artists are in hot pursuit of your identity. And they're cooking up a growing number of so-called phishing schemes, using e-mails that look like they're from a reputable source to cull personal data needed to steal your hard-earned money.

One recent phishing expedition involves e-mails promising a $571.94 income-tax refund. The messages direct recipients to a sham site where they are asked for details such as their credit-card and Social Security numbers.

What made this hoax especially effective was that it used a legitimate government site, www.GovBenefits.gov, to direct would-be victims to its own page. The government quickly caught wind of the hoax and on Dec. 1 fixed the loophole that enabled phishers to use its site as a conduit. "We made it so that you can't use the redirect" the way the phisher had exploited it, says Curtis Turner, project manager of GovBenefits.gov.

As the online shopping season kicks into full gear, you're probably spending plenty of time wielding your credit card while on the Net. And with tax-preparation time just around the corner, refund-related frauds could reappear.

"Phishers will try to abuse this again in the future," says Graham Cluley, a senior technology consultant at virus and spam monitoring firm Sophos, based in Oxford, England. "Both companies and consumers need to be careful they're not helping" phishers. The recent hoax serves up some useful reminders on how to protect your personal details, identity -- and dough
Original article

---

Add comment  Email to a Friend