Scammers Impersonate CRA in Phishing Scam
According to security researchers at Cisco IronPort, cyber criminals impersonating the CRA (Canada Revenue Agency) are scamming people with tax related subjects asking them to furnish their private information to avail the benefits of a so-called stimulus money and tax refund.
As usual, the scam e-mail first directs the recipients to log onto a website by following the given link so that the refund procedure could be started. Thenceforth, they are asked to follow another URL that takes a user to a seemingly legitimate online application asking him/her to provide bank account particulars as well as other personal data. This data is subsequently transmitted to fraudsters who most likely use it to commit identity theft, security specialists explained.
As per the specialists, the CRA scam is highly distinctive in character as it is very sophisticated. The campaign targets only Canadian organizations and residents through either the .com or government.ca sites established in the region.
Moreover, phishing scams usually have messages with wrong English such as grammatical and spelling errors. But the CRA phishing scam seems to be devised in a well-organized way, with the perfect resemblance to the top front or header of the Canada Revenue Agency, said the experts.
And while most identity fraud cases occur through stolen or lost identification, the business of stealing Internet identity is rapidly growing due to increasing phishing operations, according to the CRA officials. Thus, as a measure of precaution, Canada Revenue Agency is enhancing its IT safeguards in the wake of phishing scams attempting to dupe users with fraudulent refunds during the new tax season.
Besides online pranksters and phishing scams, the CRA has also expressed concern about SQL injections and botnets. The agency said it was placing special emphasis on commercial software by scanning it at least thrice for any possible issue.
Meanwhile, phishing attacks against the CRA are not new, said security researchers. In the beginning of 2009, criminals sent e-mail from the CRA that similarly said it would make a tax refund to the recipient provided he/she supplied his/her banking details.
Related article: Scammers Exploit Tax System Resulting in ID Theft
» SPAMfighter News - 17-03-2009