Small Business Reading Room

Thursday, December 01, 2005

IRS hack enables phishing scam

The IRS is demonstrating a lack of security know-how by using an open redirect on its website. The open redirect allows anyone to craft a URL that appears to go to the IRS "" site but actually goes to another.

The phishing scam was contained in an email that claimed the recipient was eligible for a $571.94 refund. When the user clicked on the link to find out how to claim the refund, they were redirected to the phishing site and asked to provide a Social Security number and credit card details. provides a sample link that you can use to demonstrate the security error and test to see if the IRS has fixed the problem at the same time.
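An open redirect of this kind is closed on the server by validating the redirect target before sending the user to it. The following is an added example, not code from the IRS site or from the original post; the host names, `ALLOWED_HOSTS`, `FALLBACK` and `safe_redirect_target` are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumption: the only external hosts this site may redirect to (placeholders).
ALLOWED_HOSTS = {"www.agency.example", "forms.agency.example"}
FALLBACK = "/"  # where to send the user when the target is rejected


def safe_redirect_target(target: str) -> str:
    """Return target if it is a same-site path or an allowlisted https URL,
    otherwise return FALLBACK."""
    # Reject empty input, backslashes, spaces and control characters: browsers
    # normalise some of these ("/\\host", "\t//host") into an off-site URL.
    if not target or any(c == "\\" or ord(c) < 0x21 or ord(c) == 0x7F for c in target):
        return FALLBACK
    try:
        parts = urlsplit(target)
    except ValueError:  # malformed authority, e.g. a broken IPv6 literal
        return FALLBACK
    if not parts.scheme and not parts.netloc:
        # Same-site path: exactly one leading slash ("//host" is scheme-relative).
        if target.startswith("/") and not target.startswith("//"):
            return target
        return FALLBACK
    if parts.scheme != "https":
        return FALLBACK
    # Userinfo makes "https://www.agency.example@other.example/" look trusted.
    if parts.username is not None or parts.password is not None:
        return FALLBACK
    host = (parts.hostname or "").lower().rstrip(".")
    return target if host in ALLOWED_HOSTS else FALLBACK


# Constructed sample targets, as they might arrive in a redirect parameter.
SAMPLES = [
    "/refunds/status",
    "https://forms.agency.example/claim",
    "https://phish.example/refund",
    "//phish.example/refund",
    "https://www.agency.example@phish.example/",
    "https://www.agency.example.phish.example/",
    "javascript:alert(1)",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{s!r:50} -> {safe_redirect_target(s)!r}")
```

The check compares the parsed host against an exact allowlist rather than looking for a trusted name somewhere in the string, which is why the look-alike and userinfo forms are rejected.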

This link appears to go to the site but actually uses the government site to redirect you to the article they published about the exploit:






Delaware Intercorp, Inc.
113 Barksdale Professional Center
Newark, DE 19711-3258
