X

The IRS seeks brand protection

The number of IRS-themed phishing sites soared in the first six weeks of 2008, U.S. Treasury Department agent says.

Robert Vamosi Former Editor
As CNET's former resident security expert, Robert Vamosi has been interviewed on the BBC, CNN, MSNBC, and other outlets to share his knowledge about the latest online threats and to offer advice on personal and corporate security.
See full bio
Robert Vamosi
2 min read

Washington D.C. -- Like the Bank of America brand name, the United States Internal Revenue Service is a brand that also needs online protection. On Wednesday, Special Agent Andy Fried with the U.S. Treasury Department gave a second keynote address to start off Black Hat DC 2008. He said as of February 19 this year, there were 1,630 phishing sites using the IRS name or logo, marking a 12 percent to 17 percent increase over last year.

Although the IRS phishing sites may be taken down with an hour or so, that's still long enough for a victim to volunteer personal information online. Fried stated that the IRS does not contact people via e-mail. He also noted that many of the phishing sites and e-mails came "out of Eastern Europe."

E-mails pretending to be from the IRS may link to phishing sites, but they can also launch malware, said Fried. He cited one example where late at night he saw a new IRS-themed e-mail containing malicious code and also found that none of the major antivirus sites had signatures in place to block the sample. He said the antivirus vendors frequently missed malware associated with IRS e-mail spam.

While he was concerned about ordinary people getting hit, he called upon the antivirus community to immunize their applications before the IRS staff reported for work in the morning. His concern was the IRS itself, which, in the morning would start to get forwarded examples of the e-mail and could potentially infect the IRS with malware.

In January 2008, Fried said that the IRS reached a full one percent of all spam traded on the Internet--a record for the agency.

Fried also warned against using peer-to-peer applications on the same desktop with your tax information on it. He and his investigators will periodically fire up LimeWire and find hundreds of copies of people's tax returns available for downloading. "If you don't know what you are doing with P2P," said Fried, "don't use it."

Fried said he expected more IRS-themed Internet activity in May when the U.S. government plans to issue tax rebates to qualified individuals, but declined to specify what he expected.