Phishing emails

[audreyh1]

Someone I know got an interesting phishing email today from the "IRS" announcing that they had a new IP PIN to use for e-filing their 2014 return. File attached.

Subject: Your 2014 electronic IP PIN!

Dear member

This is to inform you that our system has generated your new secure electronic PIN to e-File your 2014 tax return.

Please kindly download the Microsoft file to securely review it.

Thanks

Internal Revenue Service
<address given>

From http://www.irs.gov/uac/Report-Phishing

The IRS doesn't initiate contact with taxpayers by email, text messages or social media channels to request personal or financial information. This includes requests for PIN numbers, passwords or similar access information for credit cards, banks or other financial accounts.

It's worth reviewing the IRS website because it also discusses phone scams.

 

[ls99]

Pretty slick. Bet many will get suckered.

 

[freebird5825]

TY for the info.
I showed Mr B, who is constantly communicating with the IRS by email, for himself as well as his tax clients.

 

[GrayHare]

"Dear member" and "download the Microsoft file" stand out as awkward phrases the IRS would not use.

 

[audreyh1]

"Dear member" and "download the Microsoft file" stand out as awkward phrases the IRS would not use.

Easily corrected by a more sophisticated phisher

 

[GrayHare]

Easily corrected by a more sophisticated phisher

Fortunately the phishers are rarely smart enough. "Dear IRS Customer" and "download the computerized file" will also stand out.

OTOH, phishers likely prefer less sophisticated victims, ones who do not notice odd phrasing, and are presumably less likely to notice odd financial activity.

 

[sheehs1]

Thanks for the heads up Audrey1. Have passed it on.

 

[Alan]

Thanks Audrey.

 

[audreyh1]

Yes, often phishing emails are poorly worded, have obvious grammatical, spelling, syntax, or capitalization errors. But they can be clean to. You can't count on "obvious" phoniness to catch it.

This example is from Krebs on Security.
Phishers Pounce on Anthem Breach

Someone following the news may know that neither credit card info nor health data was accessed, but how many folks have paid attention or will even remember?

 

[audreyh1]

Never mind ( but still....)

Update, Feb. 9, 6:15 p.m. ET: In a somewhat farcical turn of events, it appears that the image above is actually from a phishing education campaign created by a company that helps firms impress upon their employees the importance of cybersecurity. The image above, when clicked, brings users to this page, which warns visitors they’ve clicked on a link design to test awareness. That page is run by Knowbe4, whose CEO Stu Sjouwerman said in response to an inquiry that the image was likely forwarded to Anthem by a cautious employee of one of Knowbe4’s customers who received the phishing test but did not click the link. Full disclosure: Knowbe4 is an advertiser on this blog.

 

[Which Roger]

Phishers deliberately make their attempts pretty transparent to immediately weed out all but the most vulnerable; most are more transparent than even the IRS scam from the OP. For scams like the Anthem, I instinctively hover over the URL in the hotlink, and it's immediately obvious that something is phishy.

While were on the topic, has anyone else been getting semi-regular phone calls regarding winning $25,000 in a drawing? I'm kind of wondering what happens to those who follow up (and maybe somebody here has just for fun). I'm guessing the scammer asks for a bank account in which to deposit the winnings.

 

[fidler4]

Sent from my iPad using Early Retirement Forum