lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <4b6ee9310512151046m22f5fb9fh99c5934bb0b40576@mail.gmail.com>
Date: Thu Dec 15 18:46:53 2005
From: xploitable at gmail.com (n3td3v)
Subject: Fwd: WSLabs,
	Phishing Alert: Internal Revenue (FAO Todd Towles)

Heres proof I have infulence over the biggest of corporations!

---------- Forwarded message ----------
From: Websense Security Labs <DoNotReply@...sensesecuritylabs.com>
Date: Dec 15, 2005 6:40 PM
Subject: WSLabs, Phishing Alert: Internal Revenue Service
To: xploitable@...il.com


Websense(r) Security Labs(TM) has received reports of a new phishing
attack that targets American taxpayers and claims to be the Internal
Revenue Service. Users receive a spoofed email message, which claims
they may access and track their tax refund information online. Upon
clicking the link in the email, users are taken to a fraudulent
website. The fraudulent website prompts users for their first and last
name, social security number, mailing and email address, credit card
number, CVV2, and ATM pin.


This phishing site is hosted in Italy and was down at the time of this alert.

Phishing email:

*Subject:* Refund notice

You filed your tax return and you're expecting a refund. You have just
one question and you want the answer now - Where's My Refund?

Access this secure Web site to find out if the IRS received your
return and whether your refund was processed and sent to you.

**New program enhancements** allow you to begin a refund trace online
if you have not received your check within 28 days from the original
IRS mailing date. Some of you will also be able to correct or change
your mailing address within this application if your check was
returned to us as undelivered by the U.S. Postal Service. "Where's My
Refund?" will prompt you when these features are available for your
situation.

To get to your refund status, you'll need to provide the following
information as shown on your return:

* Your first and last name

* Your Social Security Number (or IRS Individual Taxpayer

Identification Number)

* Your Credit Card Information (for the successful complete of the

process)


Okay now, **Where's My Refund

<LINK DELETED>

Note: If you have trouble while using this application, please check
the Requirements
<http://www.irs.gov/individuals/article/0,,id=96582,00.html> to make
sure you have the correct browser software for this application to
function properly and check to make sure our system is available
<http://www.irs.gov/individuals/article/0,,id=141231,00.html>.

Phishing screenshot available with full alert.

For additional details and information on how to detect and prevent
this type of attack:
http://www.websensesecuritylabs.com/alerts/alert.php?AlertID=372



=-==-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-=-=-=-=-=-=-=-=-
Websense Security Labs discovers and investigates today's advanced
internet threats and publishes its findings enabling
organizations to best protect employee computing environments from
increasingly sophisticated and dangerous internet threats.


To unsubscribe: http://www.websensesecuritylabs.com/unsubscribe
FAQs: http://www.websensesecuritylabs.com/about/
Download a free 30 day trial: http://www.websense.com/downloads/SecurityLabs/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ