The IRS and Internet security experts are warning of a fake phishing email which appears to come from the IRS. The phishing scam takes the form of what claims to be an email from the IRS which advises you that you have a tax refund due.
What is particularly sneaky about this fake IRS email is that the link that it gives you, to govbenefits.gov, is genuine. It will take you to the real govbenefits.gov website, but then it invisibly redirects you to the phishers’ website. The reason that the phisher is able to do this is that the govbenefits.gov website has a security flaw which is known as an “open redirect”.
Explains Sophos security expert Graham Cluely, “This is more advanced than the typical phish, because the Web link really does – at first – take you to the real tax benefit web site. Unfortunately the way the government web site has been configured allows the phishers to bounce the unwary in their direction.”
Most of the fake IRS tax refund email has mentioned the precise “refund” amount of $571.94, but expect that to change as people catch on, and the phishers alter their tactics.
|No Paywall Here!
The Internet Patrol is and always has been free. We don't hide our articles behind a paywall, or restrict the number of articles you can read in a month if you don't give us money. That said, it does cost us money to run the site, so if something you read here was helpful or useful, won't you consider donating something to help keep the Internet Patrol free?