Full Disclosure mailing list archives

RE: Fwd: WSLabs, Phishing Alert: Internal Revenue (FAO Todd Towles)

From: "Todd Towles" <toddtowles () brookshires com>
Date: Thu, 15 Dec 2005 12:48:51 -0600

FAO me? Please...you didn't report anything. You think a company that
scan 70 million sites a night didn't have the information before you?
You really are dreaming...

-----Original Message-----
From: full-disclosure-bounces () lists grok org uk 
[mailto:full-disclosure-bounces () lists grok org uk] On Behalf Of n3td3v
Sent: Thursday, December 15, 2005 12:47 PM
To: full-disclosure () lists grok org uk
Subject: [Full-disclosure] Fwd: WSLabs,Phishing Alert: 
Internal Revenue (FAO Todd Towles)

Heres proof I have infulence over the biggest of corporations!

---------- Forwarded message ----------
From: Websense Security Labs <DoNotReply () websensesecuritylabs com>
Date: Dec 15, 2005 6:40 PM
Subject: WSLabs, Phishing Alert: Internal Revenue Service
To: xploitable () gmail com

Websense(r) Security Labs(TM) has received reports of a new 
phishing attack that targets American taxpayers and claims to 
be the Internal Revenue Service. Users receive a spoofed 
email message, which claims they may access and track their 
tax refund information online. Upon clicking the link in the 
email, users are taken to a fraudulent website. The 
fraudulent website prompts users for their first and last 
name, social security number, mailing and email address, 
credit card number, CVV2, and ATM pin.

This phishing site is hosted in Italy and was down at the 
time of this alert.

Phishing email:

*Subject:* Refund notice

You filed your tax return and you're expecting a refund. You 
have just one question and you want the answer now - Where's 
My Refund?

Access this secure Web site to find out if the IRS received 
your return and whether your refund was processed and sent to you.

**New program enhancements** allow you to begin a refund 
trace online if you have not received your check within 28 
days from the original IRS mailing date. Some of you will 
also be able to correct or change your mailing address within 
this application if your check was returned to us as 
undelivered by the U.S. Postal Service. "Where's My Refund?" 
will prompt you when these features are available for your situation.

To get to your refund status, you'll need to provide the 
following information as shown on your return:

* Your first and last name

* Your Social Security Number (or IRS Individual Taxpayer

Identification Number)

* Your Credit Card Information (for the successful complete of the

process)

Okay now, **Where's My Refund

<LINK DELETED>

Note: If you have trouble while using this application, 
please check the Requirements 
<http://www.irs.gov/individuals/article/0,,id=96582,00.html> 
to make sure you have the correct browser software for this 
application to function properly and check to make sure our 
system is available 
<http://www.irs.gov/individuals/article/0,,id=141231,00.html>.

Phishing screenshot available with full alert.

For additional details and information on how to detect and 
prevent this type of attack:
http://www.websensesecuritylabs.com/alerts/alert.php?AlertID=372

=-==-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-=-=-=-=-=-=-=-=-
Websense Security Labs discovers and investigates today's 
advanced internet threats and publishes its findings enabling 
organizations to best protect employee computing environments 
from increasingly sophisticated and dangerous internet threats.

To unsubscribe: http://www.websensesecuritylabs.com/unsubscribe
FAQs: http://www.websensesecuritylabs.com/about/
Download a free 30 day trial: 
http://www.websense.com/downloads/SecurityLabs/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Current thread:

Fwd: WSLabs, Phishing Alert: Internal Revenue (FAO Todd Towles) n3td3v (Dec 15)
- Re: Fwd: WSLabs, Phishing Alert: Internal Revenue (FAO Todd Towles) Valdis . Kletnieks (Dec 15)
- Re: Fwd: WSLabs, Phishing Alert: Internal Revenue (FAO Todd Towles) womber (Dec 15)
- Re: Fwd: WSLabs, Phishing Alert: Internal Revenue (FAO Todd Towles) GroundZero Security (Dec 15)
  - Re: Fwd: WSLabs, Phishing Alert: Internal Revenue (FAO Todd Towles) Joe Average (Dec 15)
- Re: Fwd: WSLabs, Phishing Alert: Internal Revenue (FAO Todd Towles) qballus (Dec 15)
  - Re: Fwd: WSLabs, Phishing Alert: Internal Revenue (FAO Todd Towles) Joe Average (Dec 15)
- <Possible follow-ups>
- RE: Fwd: WSLabs, Phishing Alert: Internal Revenue (FAO Todd Towles) Todd Towles (Dec 15)
  - Re: Fwd: WSLabs, Phishing Alert: Internal Revenue (FAO Todd Towles) n3td3v (Dec 15)
- RE: Fwd: WSLabs, Phishing Alert: Internal Revenue (FAO Todd Towles) Todd Towles (Dec 15)
  - Re: Fwd: WSLabs, Phishing Alert: Internal Revenue (FAO Todd Towles) n3td3v (Dec 15)
    - RE: Fwd: WSLabs, Phishing Alert: Internal Revenue (FAO Todd Towles) Kurt Manske (Dec 15)
    - Re: Fwd: WSLabs, Phishing Alert: Internal Revenue (FAO Todd Towles) Dave Korn (Dec 16)
- RE: Fwd: WSLabs, Phishing Alert: Internal Revenue (FAO Todd Towles) Jason Jones (Dec 15)