Thinking like a phish



November 30th, 2005

One of the best defenses against threats like phishing is to think like a phish and if you want to think like a phish the best place to start is by asking yourself the question "what do I/others really want to hear in an email?" or better still "what kind of think might you not question if they read it in an email?".  Well, here's one that I thought of a while back - an IRS refund of $571.  It's so simple.  And the timing is perfect too - with the Holiday season in full swing. The time limit is there to give a sense of urgency - no time to think, gotta visit the site and claim your $$$.

From: tax-returns@irs.gov <tax -returns@irs.gov>
Reply-To: no-reply-2005@66.34.46.216
To: my email
Date: Nov 26, 2005 12:16 PM
Subject: [IRS] Tax Refund

You are eligible to recieve a tax refund for $571.94.

To access the form for your tax return use the link below:

http://www.govbenefits.gov/govbenefits/externalLink.jhtml?url={edited for safety}
(copy and paste this link in your browser address bar)

12 days left to apply for your refund. You may not receive your refund as quickly as you expected. A refund can be delayed for a variety of reasons. For example, a name and Social Security number listed on the tax return may not match the IRS records. You may have failed to electronically sign the return or applied after the deadline.

This email has been sent by the Internal Revenue Service, a bureau of the Department of the Treasury.

It's so simple.  And the timing is perfect too - with the Holiday season in full swing. The time limit is there to give a sense of urgency - no time to think, gotta visit the site and claim your $$$. This whole scam is made even more convincing by the dumb system that someone in charge at Govbenefit.gov put in place - a link forwarder.

More info on the Sophos website.

How can you tell it's a scam?  Well, the site asks for your credit card info!

This entry was posted on Wednesday, November 30th, 2005 at 18:12 and is filed under Stay Secure. You can follow any responses to this entry through the RSS 2.0 feed. Both comments and pings are currently closed.

Comments are closed.