2010 October | Patricia & Tom Scott Interiors

This came to me from my CPA today and I felt it important enough to not speed read through as I do most email warnings. I trust my CPA of more than 20 years for warning about this one. Patricia Scott

New ‘IRS’ Phishing Scam: A Criminal Gang Is In Your Mailbox

By Jane Bryant Quinn | Oct 20, 2010 |

If an IRS warning suddenly pops up in your email, do not — repeat, not — click on the link. Trust me, the government isn’t reaching out to help you. You’re being phished, and not by a garden-variety spammer. You’re hearing from Avalanche, the largest and one of the most sophisticated criminal gangs on the Web.

I got a string of those “urgent” IRS messages this week, claiming that I’d made a paperwork mistake when I paid my tax. The headings read, “LAST NOTICE: We decline your Federal tax payment,” followed by an ID number. Or, “LAST NOTICE: The Identification Number used in the company identification field is not valid.”

The first message gave me pause. Who among us doesn’t hate to hear from the Internal Revenue Service? The email appeared to come from the Electronic Federal Tax Payment System (ETFPS), which is the website you use when paying your income taxes online. I thought for a couple of seconds. Could I have made a tax mistake?

Then good sense took over. The IRS does not get in touch with taxpayers by email. It sends you one of those mean-looking envelopes with a lot of black type in the upper left-hand corner. I wriggled off the phish-hook and hit Delete.

To anyone caught by this scam, the news is bad. International e-crooks have stepped up their game, says Greg Aaron, director of domain security at Aflias, an internet infrastructure company. You’re at even greater risk than you thought.

A traditional phisher wants personal financial information. You might be told that a Federal Express package was misdirected or that there’s a question about your bank account. If you click, you’re sent to a second screen where you’re asked to “update” or “validate” your current data — your credit card number, Social Security number, or the number and password of your bank account. The second half of 2009 saw a record number of unique phishing attacks, reports Aaron, co-author of the Global Phishing Survey sponsored by the internet industry’s Anti-Phishing Working Group. By now all but the most careless of consumers have caught on and refuse to play.

Hence, the change in tactics. In place of traditional phishing, Avalanche and its copycats have seized on a dangerous piece of malware known as the Zeus banking Trojan. If you click on the link provided by the LAST NOTICE IRS email, you might be taken only to an innocuous information page. You’d read, delete, and move on to something else. During those few moments, however, the malware will zap itself into your machine.

You won’t even know that you’re harboring Zeus. But — like the Dementors in the Harry Potter stories — it’s sucking out your computer’s soul. It grabs the user names and passwords to the bank and mutual fund accounts that you manage online, and logs in to drain them dry. It sweeps up your address book, to spread itself to the computers of your contacts and friends. If you happen to be online with your bank when Zeus pops in, it will show you the real numbers while, in the background, it’s pulling money out.

If Zeus gets lucky, it finds computers with links to the accounts of small businesses, school districts, municipalities, colleges, or other institutions and drains them, too. Avalanche is also creating shortened links, to scam you through Twitter, too.

Zeus has been around for a while, Aaron says. The basic package — bought from criminal sites online — costs a few thousand dollars, plus extra for add-ons. What’s new is that Avalanche industrialized it, making it easy and fast to launch thousands of attacks, virtually all at once. The LAST NOTICE scam is the least of it.

The Anti-Phishing group has a single message for you. Don’t let your fingers fly over your email messages. Stop and think before you connect to any link. For example: Don’t open any business email that you’re not expecting. If you have a question, call or email the business yourself. Don’t call the number that the questionable email shows, it might misdirect you to the scammer’s line. If you email the business, check the address and type it into the URL line yourself, don’t copy-and-paste the address that the questionable notice shows.

Zeus gets into Twitter, too — The group offers many more tips.

Tags: Avalanche, fraud, Internal Revenue Service, IRS, Phishing, protect computer, scams, Zeus

I just listed with so we will see if this will assist me in getting links and traffic to this blog. Learning profitable SEO with the little bit of time I have between work, traveling, and trying to have a life might be a challenge. It seems FB, Twitter, Utube, Google Analytics and the rest could end up being a full time job. I have to learn short cuts to how to drive traffic to this blog, the proper protocol and without an insider in the computer world finding this difficult. I see why web masters are hired, it really does take full time to properly position yourself on the web. As with most things, however, I need to experience all of this for myself first. I don’t know much about Seededbuzz, so if you are out there in cyberspace reading this and have any information or experience, please pass it on. I am all a buzz with anticipation.

As far as the blog, I have decided to have Tom write his Tips and Tricks for House/Home Maintenance in a monthly format for easy searching . This way you can go to the month of year or by category. Seems logical and easy. Here are some recent photos of Tom’s and my current work. He repaired an old antique clock frame in mahogany with a beaded trim piece he made to match and stained. If you need small repairs on furniture, Tom Scott Interior Contractors can get your treasured items back in wood working order.

His Tips and Tricks for Fall 2010 is in process and will get posted as soon as complete, please check back soon.