Quantcast
PC World: Technology Advice You Can Trust
Search
Browse by Topic
Subscribe to magazine

Magazine

Subscribe & Get
a Bonus CD

Customer Service

Find a Review
Dads & Grads Gift Guide Audio & Video Business Center Cameras Cell Phones & PDAs Communications Components & Upgrading Desktop PCs DVD & Hard Drives Gaming Hardware & Software HDTV Laptops Macs & iPods Monitors Printers Spyware & Security The PCW Test Center Windows Vista & XP
Resource Centers
Asus Notebook Center
CDW Solution Center
HP Ink Center
Intel Technology Center
Lenovo Laptop Showcase
White Paper Library
Webcast Library
Most Popular Search Terms
Most Popular Products
Most Popular Downloads
Free Newsletters
Receive the latest reviews, how-to's, news, and more.
Consumer Advocate
Weekly Brief
Daily Technology News
Go
WiFi Finder
Locate wireless services by a specific address, city, state, country, airport, or zip code.
RSS Feeds
Get our latest content via convenient RSS feeds.
Latest News
Today @ PC World
Become a PCW Member
Join the community and start enjoying the benefits:
  • Get tech advice from thousands of PC World Members
  • Rate and recommend the latest tech products
  • Share your thoughts in blog and article comments
  • Get free excerpts and exclusive discounts on Super Guides
Signing up is free and easy.
Read More About: Scams & HoaxesOnline SecurityCybercrime

Phishers Pose as IRS Agents

Security glitch enables hackers to usurp government sites and mislead users into revealing personal data.

Robert McMillan, IDG News Service

Thursday, December 01, 2005 9:00 AM PST
Recommend this story?
Yes
No

The Department of Labor says it is working to fix a programming glitch in a government Web portal that makes it easier for phishers to trick people into disclosing sensitive information. The flaw was first exploited by phishers who, earlier this week, began sending out bogus e-mail messages asking for personal information, including social security and credit card numbers.

The bug lets these phishers redirect URLs that use the GovBenefits.gov domain to fraudulent Web sites that are unconnected with the U.S. government.

Disguised as IRS

This redirecting flaw was first exploited just days ago by phishers masquerading as the Internal Revenue Service, said Graham Cluley, a senior technology consultant with Sophos, a British security firm that has been researching the matter.

"The people behind GovBenefits.gov have implemented their software in such a way that leaves the Web site vulnerable to a phishing attack," he said. The technique is particularly effective because the link that users click on is, in fact, a genuine GovBenefits.gov link, he added.

The fraudulent e-mail claims to require the sensitive information in order to process a tax refund, and purportedly comes from tax refunds@irs.gov, the IRS said.

Scrambling for a Fix

The GovBenefits.gov Web site is used by 16 federal agencies, including the IRS, and is designed to help users determine their eligibility for government-funded benefit and assistance programs. It is maintained by the Department of Labor.

Though the site's redirect glitch is not common, Sophos has seen it before, usually made by programmers looking for a flexible way to move users around their Web sites, Cluley said. "It's a simple mistake to make, until you realize the consequences," he said. "They probably didn't see how it could be used."

The Department of Labor is working to fix the glitch and hopes to resolve the problem this week, a Labor Department spokesperson said.

Meanwhile, the IRS published a statement Wednesday, warning users of the scam.

"What we want people to know is if you get an unsolicited e-mail that purports to be from the IRS and it's asking for personal information, that's bogus," said Eric Smith, an IRS spokesperson. "We're not going to request that you provide this kind of information by e-mail."


Recommend this story?
Yes
No
Related Searches: security flaw website glitch security news news phishing

Comments
Related Content
Latest News
EDS Buy Could Give HP Edge Over Dell, Analysts Say
Hewlett-Packard's acquisition of Electronic Data Systems won't hurt Dell in the next few years, but it could affect Dell's... 16-May-2008
Microsoft Pulls Windows Home Server Backup Feature
Microsoft confirms that it has yanked parts of a backup feature from a major upgrade to its Windows Home Server. 16-May-2008
HP Confirms XP SP3 Endless Reboot Snafu, Promises Patch
HP confirms that some users of its AMD-based desktops have had problems after installing Windows XP Service Pack 3. 16-May-2008
Say Goodbye to Muni-Fi
The days of imagining Wi-Fi blanketing a city are over with the exit of the last major municipally focused Wi-Fi service provider. 16-May-2008
Microsoft: Don't Misunderstand UAC, Other Vista Features
In its continued attempt to convince business customers to adopt Vista, Microsoft has outlined and tried to explain some of... 16-May-2008
Sony Reveals 2008-2009 PlayStation Software List
Sony Friday revealed a list of 15 upcoming games for the PlayStation 3, PS2 and PSP. 16-May-2008
HP-EDS Buy, Icahn Strikes Again, China Quakes
This was a big IT news week, with the massive earthquake in China on Monday showing once again the role that the Internet... 16-May-2008
Universal Battery Charger Debuts for Apple Laptops
FastMac on Friday announced its new U-Charge. It's a universal battery charger for Apple laptops and it costs US$69.95; it... 16-May-2008
Optimizing Windows on Your Mac
The June 2008 issue of Macworld includes a feature article on running Windows on your Mac--and how to do it in the most... 16-May-2008
TapDex 3.3.2
Apple's Address Book utility is a handy place to store information for your contacts, especially since it integrates so well... 16-May-2008

PC World's Marketplace

PC World's Free Whitepapers

Name City
Address 1 State Zip
Address 2 E-mail (optional)