Researchers see spike in “out of season” IRS-impersonating phishing attacks

by Sean Gallagher, from Ars Technica
Image: A fake IRS site used in a set of phishing campaigns observed by Akamai from August to October. (credit: Akamai)

Tax return scammers usually strike early in the year, when they can turn the personal information of victims into fraudulent tax refund claims. But members of Akamai's threat research team found a recent surge in "off-season" phishing attacks masquerading as notices from the Internal Revenue Service, targeting over 100,000 individuals. The attackers used at least 289 different domains hosting fake IRS websites, the majority of them legitimate sites that had been compromised. This wave of attacks came as the October 15 deadline for people who had filed for extensions approached.

According to a post by Akamai's Or Katz, the phishing campaigns kicked off in the second half of August, with the majority of victims targeted between August 22 and September 5. But the campaigns continued to be launched into early October. Each of the fake websites used visually identical HTML pages, with randomly generated style tags and other content, in an attempt to throw off signature detection by security software.
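Why randomized style tags defeat a whole-page hash, and how a structure-only fingerprint groups such variants, shown as an added example (not code from Akamai or Ars Technica). The sample pages are constructed, and the choice of which attributes to keep is an assumption; a kit that also randomizes element structure would need a fuzzier comparison.

```python
import hashlib
from html.parser import HTMLParser

# Assumption: style/script bodies and class/id/style attributes are cheap to
# randomize, while form-related attributes must stay fixed for the page to work.
IGNORED_ELEMENTS = {"style", "script"}
STABLE_ATTRS = {"type", "name", "method"}


class _Skeleton(HTMLParser):
    """Collects the tag structure of a page, dropping text and styling noise."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.tokens = []

    def handle_starttag(self, tag, attrs):
        if tag in IGNORED_ELEMENTS:
            return
        kept = sorted((k, (v or "").lower()) for k, v in attrs if k in STABLE_ATTRS)
        self.tokens.append("<%s %s>" % (tag, kept))

    def handle_endtag(self, tag):
        if tag not in IGNORED_ELEMENTS:
            self.tokens.append("</%s>" % tag)


def raw_fingerprint(html):
    """Naive signature: hash of the exact bytes, broken by any random token."""
    return hashlib.sha256(html.encode()).hexdigest()


def structural_fingerprint(html):
    """Hash of the tag skeleton only, stable across randomized styling."""
    parser = _Skeleton()
    parser.feed(html)
    parser.close()
    return hashlib.sha256("\n".join(parser.tokens).encode()).hexdigest()


# Constructed samples: two renderings of one form with different random
# style content, plus an unrelated page.
VARIANT_A = """<html><head><style>.x9f2{color:#123}</style></head>
<body><div class="x9f2" id="q1"><form method="post"><input type="text" name="username">
<input type="password" name="password"></form></div></body></html>"""
VARIANT_B = """<html><head><style>.k77b{margin:3px}</style><style>.zz{top:1px}</style></head>
<body><div class="k77b" style="margin:0"><form method="POST"><input type="text" name="username">
<input type="password" name="password"></form></div></body></html>"""
UNRELATED = "<html><body><h1>Blog</h1><p>Hello</p></body></html>"
```
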

Most of the domains were active for fewer than 20 days. However, a significant number of them remained active after a month, undetected by the owners of the sites. "The lack of maintenance on legacy websites, as well as the challenges of patching and removing injected content, explains the duration over which phishing pages can remain active," Katz wrote.
