A New Phish In My Pond

I “hooked” this at Noon.

From: “Internal Revenue Service” <refunds @ irs·gov>
Subject: Get Your Annual Tax Refund
Date sent: Mon, 12 May 2008 13:52:22 -0400
Send reply to: <refunds @ irs·gov>

[Insert nice fake IRS logo here]

After the last annual calculations of your fiscal activity we have determined that you are eligible to receive a tax refund of $109.30. Please submit the tax refund request and allow us 6-9 days in order to process it.

A refund can be delayed for a variety of reasons. For example submitting invalid records or applying after the deadline.

To access the form for your tax refund, please click here

Internal Revenue Service

Well, they at least paid attention to the e-mail address and added a spiffy logo. They also ran it through an American English spell check, but, alas, they need more work on their grammar.

The raw view shows this came from the mail server at theelbowroom·co·uk, but the internal links to the spiffy logo and “click here” belong to klimat–prof·net, or more properly климат–проф·нет, as they are a Russian site/сайт.
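The comparison made in the raw view above (claimed sender versus delivering server versus where the links really go) can be scripted. This is an added example, not part of the original post: the message, the host names and the function names are constructed placeholders, and it assumes a single-part HTML body.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample, not the message from the post; every host is a reserved test name.
RAW = """\
Received: from mail.relay.example (mail.relay.example [192.0.2.10])
\tby mx.recipient.example; Mon, 12 May 2008 13:52:30 -0400
From: "Internal Revenue Service" <refunds@irs.example>
Content-Type: text/html; charset="utf-8"

<html><body><img src="http://пример.test/logo.gif">
<p>To access the form, please <a href="http://пример.test/form">click here</a></p></body></html>
"""

def url_host(url):
    # Host of a URL in IDNA (xn--) form; "" when the URL or a label is malformed.
    try:
        return (urlsplit(url).hostname or "").encode("idna").decode("ascii")
    except ValueError:  # includes UnicodeError raised by the idna codec
        return ""

def belongs_to(host, domain):
    return host == domain or host.endswith("." + domain)

class LinkHosts(HTMLParser):
    def __init__(self):
        super().__init__()
        self.hosts = set()
    def handle_starttag(self, tag, attrs):
        urls = [v for k, v in attrs if k in ("href", "src") and v]
        self.hosts.update(h for h in map(url_host, urls) if h)

def analyze(raw):
    msg = message_from_string(raw)
    sender = url_host("//" + parseaddr(msg.get("From", ""))[1].rpartition("@")[2])
    # The top-most Received header is the one written by the recipient's own server.
    hop = re.match(r"from\s+(\S+)", (msg.get_all("Received") or [""])[0])
    relay = url_host("//" + hop.group(1)) if hop else ""
    parser = LinkHosts()
    parser.feed(msg.get_payload())  # assumes a single-part HTML body
    return {
        "sender_domain": sender,
        "relay_host": relay,
        "relay_matches_sender": bool(relay) and belongs_to(relay, sender),
        "foreign_links": sorted(h for h in parser.hosts if not belongs_to(h, sender)),
    }
```

Calling `analyze(RAW)` reports a relay that does not belong to the claimed sender and one link host outside the sender's domain, shown in its `xn--` form so a Cyrillic name cannot pass for a Latin one.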


1 Kryten42 { 05.12.08 at 7:54 pm }

SO… Is this the new ‘Public Service’ part of Why Now? 😉 😀 Or are you just having some fun? LOL

Still… it’s a bit better than the usual “How to wow the women”, or “Congratulations! You just won a lottery” that you never entered! LOL

If I find any worthy of publishing (and that can be shown on a public, family oriented *cough* forum), I’ll stick up a comment. 😀

Cheers! LOL

2 Kryten42 { 05.12.08 at 8:00 pm }

Actually, on a more serious note… There is a very good site that keeps up-to-date on the Phishing Scams for anyone interested. 🙂 I check it now and then…

Phishing Scams and Spoof Emails at MillerSmiles

You can also submit any scams you find there. 🙂

Do I get a brownie point now? 😉 LOL

3 Kryten42 { 05.12.08 at 8:13 pm }

I get Security bulletins and security announcements etc from several sources. If anyone wants any info on anything PC security related, leave a comment.

Here is one I received April 24 on what is considered to be the worst IRS scam just beginning to appear.

IRS phishing scam targets stimulus payments

Sorry to hijack the thread Bryan. 🙂 But I figured I may as well be useful for a change, hopefully anyway. 🙂

Cheers all, and stay safe! And… nahhh… I’ll leave out the obvious (and probably immature) comment. LOL

4 Bryan { 05.12.08 at 9:53 pm }

I published the Scandinavian attempt because it was so bad, but it showed some social engineering by appealing to greed – get a non-profit payment even though you aren’t a non-profit. This one is up because of the connection to my old adversary. The Russians, Bulgarians and Romanians do a lot of this garbage, and the practice shows – a much more professional job.

I normally just report them to the PhishTank, because the US government makes it such a PITA to report it to them. I found the ‘Tank while trying to report a phish to the Bank of Rome, where I do not have an account.

My e-mail reader presents everything as text and will not launch a browser for links. It can do all the “helpful” things, but you have to say you want them, it doesn’t automatically do them.

It is annoying that these guys have apparently hijacked a British SMTP server to send this garbage. The guys administering theelbowroom·co·uk need to update their software with the latest patches to stop this sort of thing from happening. I have sent nasty notes to the administrator of the e-mail server I used most often about the state of their updates, and then finally moved the account because they weren’t paying attention. Patching the system software on a regular basis is the easiest way to combat this effluent.

5 Kryten42 { 05.13.08 at 12:15 am }

It’s even worse than people imagine. There is a Virus/Trojan (the security scene is still debating what to call it) called Phishbank that attacks IE ‘Favorites’ and modifies your favorites links to specific sites (such as any banking links you have) and redirects them to their mirror of the site. All looks legit to the user, but they record all your logon details and you are done! I have a bulletin about it from CA (Computer Associates, not California).

Latest Phishing Scams – CA

And yes, they are getting very sophisticated.

A very good resource if you are interested is the APWG (Anti-Phishing Working Group).

The Anti-Phishing Working Group (APWG) is the global pan-industrial and law enforcement association focused on eliminating the fraud and identity theft that result from phishing, pharming and email spoofing of all types.

Anti-Phishing Working Group

Luckily here in Aus, the Government (even the moronic Howard Gov amazingly) take this seriously and expanded the ACCC’s (Australian Competition and Consumer Commission) powers in this area. ACCC Have set up a good SCAMwatch website. 🙂


Only way to be safe on the ‘net is knowledge. It’s one place where ignorance can cost you plenty!

Cheers. 🙂

6 Kryten42 { 05.13.08 at 12:25 am }

BTW, I meant to mention… That SCAMwatch site is a very useful resource since its focus is Scams of *ALL* types!! Dating scams, marketing scams, health scams, mobile phone scams, religious scams… etc! They are all there. 🙂

I have found that the best of the webmail (free) mail accounts is Gmail. I have three Gmail accounts now that I use for various things. It rarely lets real spam into my inbox, and I very rarely get a false positive. These are all throw-away accounts so if it does get too bad, I’ll just create a new account. Plus Gmail has generous storage (about 6.7GB/account at the moment) that I can use for temporary storage. There is a free software package that basically turns your Gmail accounts into a virtual HDD. But for real-world (business and close friends etc), I use a real eMail system. The client I prefer is The Bat! (I actually use SecureBat!) And the best adaptive (Bayesian) filter I have found is a Russian one! LOL 😉 Funny that… 🙂

Be safe out here people! 😀

7 Bryan { 05.13.08 at 12:40 am }

Actually, I was considering putting up this story, Flaw turns Gmail into spamming machine from CNet before I went with the Phish thing.

They are great for people who pick up their mail there, but Gmail SMTP servers aren’t as secure as they should be.

8 Kryten42 { 05.13.08 at 1:29 am }

None of them are. 🙂 That’s why I use them for *throw-aways* and keep my private email addy’s… private! LOL Hotmail is bad also. When M$ took over Hotmail, they tried to use M$ servers, but that was a dismal failure. The backend runs on Unix still. M$ now say they have moved Hotmail to M$ but that’s a lie. Parts of the Administrative system are running M$ Servers. A friend in the US told me at Xmas because he applied for a Unix Sys Admin job at Hotmail. 🙂

I never get spam in my private mailboxes. One of my WhoMe Gmail acc’t gets about 30 spam’s/day! I use that for signing up on various sites. 🙂 The other two I use for other things and get less spam (but still get some).

9 Steve Bates { 05.13.08 at 12:03 pm }

On a related topic, when you send to a Gmail address, don’t ever type it manually into the To: address of the message. Add the address to your contacts list, verify it visually and use the contact, even if you’re sending only one message to it.

Why? Because someone in the Pacific Rim has registered “gmal.com” and is sitting out there receiving everything anyone mistypes in an attempt to send to “gmail.com”. It happened to me, when I tried to send something to my own Gmail address. Fortunately, it was nothing containing anything commercially valuable, but I’ll bet they get a lot of mail they can use for nefarious purposes.
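A mail client or outbound filter can catch the kind of mistyped domain described in the comment above before the message leaves. This is an added example, not something from the thread: the list of known domains and the function names are hypothetical, and the distance measure counts a swap of two adjacent letters as a single typo.

```python
# Hypothetical list of domains the sender actually writes to.
KNOWN = ("gmail.com", "hotmail.com", "yahoo.com")

def osa_distance(a, b):
    """Optimal string alignment distance: insert, delete, substitute, adjacent swap."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            best = min(cur[j - 1] + 1,            # insertion
                       prev[j] + 1,               # deletion
                       prev[j - 1] + (ca != cb))  # substitution or match
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)  # adjacent transposition
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]

def check_recipient(address, known=KNOWN, max_distance=1):
    """Classify the recipient's domain as ok, suspect (near a known one) or unknown."""
    domain = address.rpartition("@")[2].strip().lower()
    if domain in known:
        return ("ok", domain)
    near = [k for k in known if osa_distance(domain, k) <= max_distance]
    return ("suspect", near[0]) if near else ("unknown", None)

if __name__ == "__main__":
    for rcpt in ("me@gmail.com", "me@gmal.com", "me@gmial.com", "me@example.org"):
        print(rcpt, check_recipient(rcpt))
```

A "suspect" result is the cue to stop and confirm the address against the contacts list before sending.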

10 Bryan { 05.13.08 at 2:55 pm }

Outlook is the most dangerous e-mail program on the planet. It took a while, but I got rid of it without ever launching it. What Microsoft doesn’t know about e-mail has filled several books. I cringe every time I see someone I have to communicate with using it. I’ve been known to call people to be sure the e-mail really is from them, before opening it, if it comes from an Outlook machine.

I get annoyed when large e-mail sites complain about spam and phishing, occasionally suing someone over it, and yet, fail to implement the most basic of precautions, updated software.

MS servers don’t scale worth a damn. They handle light to medium in a somewhat competent fashion, but when the load increases they fail miserably. Congress was on a MS server for a month before it had to be swapped because it couldn’t keep up.

When you have cats helping you type, you depend on cut-n-paste, Steve.

11 Badtux { 05.13.08 at 6:19 pm }

Note that The Bat! is a favorite of “legit” spammers (i.e. those spamming real products rather than the scams), and my spamassassin automatically assigns +2 to any email that comes from it.

I’m still plugging away on hoary old Thunderbird on my Macbook. I tried Apple’s Mail application, it was kind of clunky for me, I’m just not used to working that way. Folks who’ve never been exposed to the old way of doing things seem to like it though. (Shrug).

12 Bryan { 05.13.08 at 7:15 pm }

I used Eudora until they were bought out and then switched to Pegasus. I would have probably gone with T-bird if it had been ready as I used the Netscape mail client for a long time.

I’m still trying to trace which of my minor accounts is using the really great spam software, but it isn’t very active and I watch too many accounts for specific purposes. Normally it tells me where they got my address when they spam.

13 Kryten42 { 05.13.08 at 8:18 pm }

Steve: Good point! 😀

Badtux: Yes, I have heard that about The Bat! And in fact, I use it because it manages my growing mailing list nicely. Very customizable. But also because it has never let me down since I began using it in 2003. I’m not sure I’d recommend it for the normal *Moms & Dads* with an occasional email, though having said that, I have a friend’s family that were going insane with Outlook Express, then Outlook (after a friendly local PC guy sold it to them as the solution, which it wasn’t!) They said it took a bit to get used to it, but now wonder why anyone uses OE or Outlook and tell all their friends they are mad. LOL Nothing like a converted advocate! 😀

And you are right about the Apple Mail client on Macs. Some Mac users were using Eudora for a while also.

I’m kinda waiting for Tbird to mature a bit more. Took a while for Firefox (and it still has a way to go! It’s getting a bit bloated and memory hungry again). I’m just starting to try out Safari for Win, because I have to (for web site compatibility testing mainly). When I used OS X 10.2 & .3, Safari was lightweight on features but not too bad. Site compatibility was its biggest problem.

Of course, on my Linux system, I don’t have these problems. LOL