My wife forwarded me an email that one of her work colleagues had received from a CPA. The accountant had been contacted by a few clients asking about an email purportedly from the IRS. The gist of the message is the recipient has to click onto the URL that is included in the email to go to the IRS site to answer questions about unreported income. The email is bogus and the link probably goes to a site that will perform SQL injection or other such attack against the user’s PC.
There’s plenty of new email scams that use the cover of legitimate organizations. In the latest edition of the SANS Institute – Ouch! Newsletter they cite three such examples. This newsletter is geared to end users so they may stay abreast of the latest IT security threats. They’ll email the newsletter monthly if you sign up for it. In section 2, Scams and Hoaxes, here are three recent email scams they cite that I’ll share:
Purdue University Warns Affiliate Organizations of .com Email Scam
Organizations closely affiliated with Purdue have been targeted by scam emails claiming that the University is changing its domain name and urging recipients to update their weblinks. The embedded link points to a fraudulent Purdue homepage. Purdue University is not changing its domain name and has no plans to move its web offerings to “.com” site.
For more information click here.
Alarmist Swine Flu Emails
According to email warning messages, H1N1 (swine flu) is wiping out entire villages in parts of Asia and has already mutated into a more deadly strain. This information supposedly originates from experts at the US based Centers for Disease Control and Prevention (CDC) and The Johns Hopkins University. However, it is unsubstantiated and false, as are claims that the mutated version of the virus is set to reach the United States in coming months where it will kill six out of ten people and necessitate implementation of martial law.
For more information click here.
Bell Canada Phishing Scam
This email, which purports to be from Bell Canada, claims that due to a problem with a recent bill payment, the recipient is required to update his or her billing information or risk an interruption of service. The recipient is advised to follow a link in the message to confirm and update billing information. However, the message is not from Bell Canada. Instead, it is a phishing scam designed to steal personal and financial information from Bell Canada customers.
For more information click here.
If you’re responsible for the IT security of your organization these are great examples to share with your users as part of their ongoing security training and awareness. Email scams and hoaxes aren’t just from Nigeria anymore.
Related posts:
