Recipients are initially requested to log in to an embedded Web site in order to start the refund process. From there, the users are required to click on another URL that leads to a legitimate-looking online application. However, bank account numbers and other personally identifying information submitted by the victims are delivered instead to cybercriminals, who then use the acquired data for identity theft schemes, security experts said.
One of the biggest distinguishing features of the CRA phishing campaign is that it is surprisingly sophisticated, security experts said.
For one, the attacks only target Canadian-based residents and organizations -- either the government.ca sites or .com sites based in the country.
"Given that the information is targeted, (cybercriminals) have to be more lucrative," said Nilesh Bhandari, product manager for Cisco IronPort. "For a message like this, they can send a small number and they can make this to be a very profitable endeavor for themselves."
Bhandari also said that this scam relies upon a fast-flux botnet, making it challenging to pinpoint and shut down. And unlike other tax-fraud scams, this one appears convincing with grammatically correct English and no identifiable spelling or typographical errors.
"Usually when we see the IRS phishing scams, they don't have perfect English, there are some typos and some grammatical issues," he said. "This one was very well-organized and constructed. It looks exactly like the header or top font of the Canada Revenue Agency."
Within the first three days of its inception, the attack successfully infected hundreds of thousands of people, Bhandari said, in part due to the legitimate appearance coupled with the bleak economic conditions and the popularity of online tax returns. Meanwhile, many users are also likely doing taxes online for the first time, and might be unaware of the process, he said. Many tax agencies, such as the IRS, have policies that prohibit issuing tax return status to citizens via e-mail.
Down the road, Bhandari said that he expects to see more specialized, highly targeted tax or stimulus package attacks playing to fears of cash-strapped individuals as the economy worsens and budgets continue to shrink.
"More people are expecting a rebate. As part of that process, more people are expecting that rebate going directly to their deposit account," he said. "As a result, they may believe that a message like this may be something they truly need to respond to."
- Juniper Honors 12 Americas Partners
- Facebook And Four More Web Sites We Love To Hate
- Cisco Honors Top Partners During 2010 Partner Summit
- HP Salutes Top Partners At APC 2010 Award Show
- Upclose And Personal With AMD And friends
- Will Oracle's Phillips' Affair Revelation Be A Distraction?
- Apple, Microsoft Unlikely Allies Against Google
- HP-Microsoft Cloud Partnership Needs To Show Us The Goods
- Blog: It's Time For A Cybercrime Public Service Announcement
- Nortel Sell-Off Continues: Ethernet Business To Ciena?
- Want To Deploy Exchange 2007 SP2 In A Server 2008 R2 Domain? Sorry
- Apple Improves iTunes 9 With Syncing, Visual Enhancements
- Oracle Ad Refutes Sun Hardware Fears
- U.S. Copyright Chief Rips Google Book Deal In Testimony
- Apple Slashes iPod Price Tags
- Price Is Right? Asus To Launch Low-Cost E-Reader
- Microsoft Xbox 360 Consoles Fail More Often Than Wii, PS3
- Privacy Group To Congress: Stop Online Advertisers In Their Tracks
- Microsoft, Intel Tout Their Collaboration On Windows 7
- Tech Data Adds Integration Services With New Center
| • |
| • |
| • |
| • |
| • |
| • |
| • |
|
|
