Small Business Reading Room


Thursday, December 01, 2005

IRS hack enables phishing scam

The IRS is demonstrating a lack of security know-how by using an open redirect on its website. The open redirect allows anyone to craft a URL that appears to go to the IRS "GovBenefits.gov" site but actually goes to another site.

The phishing scam was contained in an email that claimed the recipient was eligible for a $571.94 refund. When users clicked on the link to find out how to claim the refund, they were redirected to the phishing site and asked to provide a Social Security number and credit card details.

News.com provides a sample link that you can use to demonstrate the security error and test to see if the IRS has fixed the problem at the same time.

This link appears to go to the GovBenefits.gov site but actually uses the government site to redirect you to the article they published about the exploit: http://www.govbenefits.gov/govbenefits/externalLink.jhtml?url=http://www.news.com
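
As an added illustration (not code from the government site or from the original post), this Python sketch contrasts a redirector that follows whatever the url parameter says with one that only follows links to allowlisted hosts. The allowlist, the fallback path and the function names are assumptions made for the example.

```python
from urllib.parse import urlsplit, parse_qs

# Sample link quoted in the post above.
PAGE_LINK = ("http://www.govbenefits.gov/govbenefits/externalLink.jhtml"
             "?url=http://www.news.com")
REDIRECTOR = PAGE_LINK.split("?")[0]

# Hosts the redirector may send visitors to (assumed allowlist).
ALLOWED_HOSTS = {"www.govbenefits.gov"}


def naive_target(link):
    """Open-redirect behaviour described in the post: trust ?url= as given."""
    return parse_qs(urlsplit(link).query).get("url", [None])[0]


def safe_target(link, fallback="/"):
    """Return the ?url= value only if it is http(s) on an allowlisted host."""
    target = naive_target(link)
    if not target:
        return fallback
    # Browsers treat "\" like "/" and drop control characters, so a value
    # containing either can parse differently here than in the browser.
    if "\\" in target or any(ord(c) < 0x21 for c in target):
        return fallback
    try:
        parts = urlsplit(target)
        host = parts.hostname  # excludes userinfo and port, lowercased
    except ValueError:         # malformed authority, e.g. bad IPv6 literal
        return fallback
    # Requiring an explicit scheme also rejects "//other.host" values.
    if parts.scheme not in ("http", "https"):
        return fallback
    # Exact match: "www.govbenefits.gov.other.example" is a different host,
    # and "www.govbenefits.gov@other.example" has host "other.example".
    if host not in ALLOWED_HOSTS:
        return fallback
    return target


if __name__ == "__main__":
    print("naive:", naive_target(PAGE_LINK))
    print("safe: ", safe_target(PAGE_LINK))
```
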