WASHINGTON D.C. -- The United States' tax-collecting agency, the Internal Revenue Service, warned security experts on Wednesday that fraudsters have increasingly targeted tax payers using phishing attacks that masquerade as messages from the IRS.
Speaking at the Black Hat DC conference, a federal agent said that phishing activity has increased more than 12 fold over the last year. While the agency only had to deal with a single phishing site in each of 2003 and 2004, the IRS has closed down more than 1,630 sites to date, Andrew Fried, special agent for the Treasury Inspector General for Tax Administration told attendees. About 1 percent of all fraudulent e-mail attempts to use the IRS name to steal information or account credentials from users, he said.
"The reality is that the IRS is a brand, just like IBM or any other corporation," Fried said.
Phishing attacks are on the rise. In a report released last month, Microsoft found that 1 in 3 infected e-mail messages contained a phishing scam. Universities and colleges warned students and faculty last month that phishers are increasingly targeting academic institutions.
Much of the problem is that home users are not at all savvy about security, Fried said. The federal agent estimates that 4 to 10 percent of home PCs are infected with a Trojan horse or virus. People regularly, and accidentally, share out their private data, such as income tax returns, on peer-to-peer networks.
While many people believe that their antivirus software will protect them against attacks launched by fraudsters, in most cases such software provides little protection, the agent said. In a recent scam similar to the Better Business Bureau attacks of last year, an e-mail carrying malicious software masqueraded as a complaint filed with the IRS. No antivirus software could detect the attack, Fried said.
"None of these schemes are overly successful," Fried said. "But I want to stress, what we ... consider successful, and what a person in another country making 500 or 600 dollars a month considers successful is very different."
Posted by: Robert Lemos