Skip to main content

Not If Just When

Told you so… I predicted the inevitability of this scam two years ago and it’s only a matter of time before it reaches the UK.

Email fraudsters are taking advantage of lax government security around a US government website to run a scam designed to trick US taxpayers into handing over sensitive personal information.

A phishing email which pose as notification of a refund from the US's Internal Revenue Service (IRS) takes advantage of security configuration weaknesses on a secondary website run by the Department of Labor, according to security firm Sophos. It warns that these emails redirect surfers to a bogus website with users fooled into thinking they remain on a legitimate US government site. –The Register. (opens in new tab)