Avoid the IRS Refund Scam

This scam is on the rise and there are several variations. However, the underlying theme remains the same: the scam tries to convince unsuspecting taxpayers that they are due a refund. The victims are then directed to an authentic-looking website to provide personal information in order to receive the refund.

Initial contact is made via an e-mail that is phishing for personal information. Scams related to IRS refunds have been around as long as we have been paying taxes. This particular scam originated in the United States and was first noticed in November of 2005.

This scam frequently uses the following tactics:

  • Potential victims receive an e-mail that looks very official and claims to be from the U.S. Internal Revenue Service.
  • The e-mail claims that the recipient is eligible for a tax refund.
  • The e-mail purports to be from tax-returns@irs.gov, with a subject line of "IRS Tax Refund."
  • A link is provided in the e-mail to an access form that the victim is told is required to be completed in order to receive the refund.
  • The taxpayer then provides their name, address, social security number and credit card information via this website interface. The criminal has then captured personal information of the victim that can be used to perpetrate identity theft and other crimes of fraud.
  • The victim is then notified that they will be receiving their refund in several weeks.


This is an advanced phishing scheme. The victims were originally taken to an actual IRS website and then redirected to the criminals' site. The criminals were able to achieve this due to a configuration issue on the government site. Now that the configuration issue has been remediated, potential victims are taken to a phony site. Although this is not as advanced as when the scam originally surfaced, it continues to be effective.

There are now reported incidents of identity theft and account fraud related to this scam.

There are now several variations of this scam. Some of the details will vary, and the following sample should only be used as an example to illustrate what such an e-mail may look like:

You are eligible to receive a tax refund for $571.94

To access the form for your tax return use the link below:

*victims are then instructed to copy and paste the link into the address bar of their browser*

12 days left to apply for your refund. You may not receive your refund as quickly as you expected. A refund can be delayed for a variety of reasons. For example, a name and Social security number listed on the tax return may not match the IRS records. You may have failed to electronically sign the return or applied after the deadline.

This email has been sent by the Internal Revenue Service, a bureau of the Department of the Treasury.

If you believe that you may be a victim of this scam, or other crimes of identity theft or fraud, use the following guidelines and resources to report your incident:

  • Do not open any attachments in this e-mail, in case they contain malicious code that may infect your computer.
  • Contact the IRS at 1-800-829-1040 to determine whether the IRS is trying to contact you about a tax refund. Remember, though, the IRS will never try to contact you about a refund through an e-mail.

 

10 ways to recognize fake (spoof) emails
  1. Generic greetings.
    Many spoof emails begin with a general greeting, such as: "Dear member." If you do not see your first and last name, be suspicious and do not click on any links or buttons.
  2. A fake sender's address.
    A spoof email may include a forged email address in the "From" field. This field is easily altered.
  3. A false sense of urgency.
    Many spoof emails try to deceive you with the threat that your account is in jeopardy if you don't update it ASAP. They may also state that an unauthorized transaction has recently occurred on your account, or claim some company is updating its accounts and needs information fast.
  4. Fake links.
    Always check where a link is going before you click. Move your mouse over it and look at the URL in your browser or email status bar. A fraudulent link is dangerous. If you click on one, it could:
    • Direct you to a spoof website that tries to collect your personal data.
    • Install spyware on your system. Spyware is an application that can enable a hacker to monitor your actions and steal any passwords or credit card numbers you type online.
    • Cause you to download a virus that could disable your computer.
  5. Emails that appear to be websites.
    Some emails will look like a website in order to get you to enter personal information. Most credible companies will never ask for personal information in an email.
  6. Deceptive URLs.
    Only enter usernames and passwords on pages that you know belong to the company you are associated with. If you see an @ sign in the middle of a URL, there's a good chance this is a spoof. Legitimate companies use a domain name (e.g. https://www.company.com).
  7. Misspellings and bad grammar.
    Spoof emails often contain misspellings, incorrect grammar, missing words, and gaps in logic. Mistakes also help fraudsters avoid spam filters.
  8. Unsafe sites.
    The term "https" should always precede any website address where you enter personal information. The "s" stands for secure. If you don't see "https," you're not in a secure web session, and you should not enter data.
  9. Pop-up boxes.
    Most credible companies will never use a pop-up box in an email as pop-ups are not secure.
  10. Attachments.
    Like fake links, attachments are frequently used in spoof emails and are dangerous. Never click on an attachment. It could cause you to download spyware or a virus. Most credible companies will never email you an attachment or a software update to install on your computer.
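Several of the signs above can be checked mechanically by a mail filter. The following is an added example, not part of the original article: it scores one raw message against tips 1, 3, 4, 6, 8 and 10. The sample message is constructed, `irs-refunds.example` is a placeholder host, and the phrase lists are illustrative assumptions.

```python
import re
from email import message_from_string
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample modelled on the refund e-mail quoted earlier on this page.
# irs-refunds.example is a placeholder host, not a real indicator.
SAMPLE = """\
From: "Internal Revenue Service" <tax-returns@irs.gov>
To: taxpayer@example.com
Subject: IRS Tax Refund
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Dear member,</p>
<p>You are eligible to receive a tax refund for $571.94.
12 days left to apply for your refund.</p>
<p><a href="http://www.irs.gov@irs-refunds.example/form">https://www.irs.gov/refund</a></p>
</body></html>
"""

# Illustrative phrase lists (assumptions); tune them against real mail.
GENERIC_GREETING = re.compile(r"\bdear\s+(member|customer|user|taxpayer)\b", re.I)
URGENCY = re.compile(r"\b(\d+\s+days?\s+left|asap|immediately|in\s+jeopardy)\b", re.I)


class BodyParser(HTMLParser):
    """Collect visible text and every (href, link text) pair."""

    def __init__(self):
        super().__init__()
        self.text, self.links = [], []
        self._href, self._label = None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._label = []

    def handle_data(self, data):
        self.text.append(data)
        if self._href is not None:
            self._label.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._label).strip()))
            self._href = None


def split_url(url):
    """Parse a URL; return None when it is malformed."""
    try:
        return urlsplit(url.strip())
    except ValueError:
        return None


def check_message(raw):
    """Return a list of (rule, detail) findings for one raw e-mail message.

    The From header is deliberately not scored: as tip 2 says, it is easily
    altered, so a trusted-looking sender proves nothing.
    """
    msg = message_from_string(raw)
    parser, findings = BodyParser(), []
    for part in msg.walk():
        if part.is_multipart():
            continue
        if part.get_filename():                          # tip 10: attachments
            findings.append(("attachment", part.get_filename()))
        elif part.get_content_maintype() == "text":
            data = part.get_payload(decode=True) or b""
            try:
                body = data.decode(part.get_content_charset() or "utf-8", "replace")
            except LookupError:                          # unknown charset label
                body = data.decode("utf-8", "replace")
            parser.feed(body)
    parser.close()

    text = " ".join(parser.text)
    match = GENERIC_GREETING.search(text)                # tip 1
    if match:
        findings.append(("generic-greeting", match.group(0)))
    match = URGENCY.search(text)                         # tip 3
    if match:
        findings.append(("urgency", match.group(0)))

    for href, label in parser.links:
        target = split_url(href)
        if target is None or target.scheme not in ("http", "https"):
            continue                                     # mailto:, relative links
        if "@" in target.netloc:                         # tip 6: real host follows the @
            findings.append(("userinfo-in-url", href))
        if target.scheme != "https":                     # tip 8
            findings.append(("no-https", href))
        shown = split_url(label)                         # tip 4: text versus destination
        if shown and shown.hostname and shown.hostname != target.hostname:
            findings.append(("link-mismatch",
                             f"shows {shown.hostname}, goes to {target.hostname}"))
    return findings
```

Calling `check_message(SAMPLE)` reports the generic greeting, the deadline pressure, and all three link problems, including that the link displays `www.irs.gov` while the browser would connect to the host after the `@`.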

 

Using Firewalls

A firewall operates between your computer or network and the Internet, and examines the data that attempts to move through it. The firewall can be set up to block or to allow particular types of data. A firewall that protects a whole LAN is called an edge firewall, a perimeter firewall, or sometimes a network firewall. Firewall software that is installed on a single computer to protect just that computer is called a personal firewall or a host firewall. For more information about the details of how firewalls work, see the article "How Firewalls Work" at http://computer.howstuffworks.com/firewall.htm.

Windows XP includes a built-in personal firewall called the Internet Connection Firewall. When you install Service Pack 2 (SP2), this firewall is replaced by Windows Firewall, which has increased functionality. SP2 also turns the firewall on by default. If you do not have other firewall software installed or if a network firewall is not protecting the network, you should always have the firewall enabled on your Windows XP computer. Third-party personal firewall software is available for older versions of the Windows operating system. For more information about Windows Firewall, see the article "Understanding Windows Firewall" at http://www.microsoft.com/windowsxp/using/security/internet/sp2_wfintro.mspx.

Some personal firewalls allow you to block specific applications or protocols (for example, Telnet). Firewalls can also block outgoing data (for example, preventing a Trojan or virus from causing your computer to send out personal data without your permission). The firewalls built into some broadband routers are not very configurable; they protect the computers behind them from being seen on the Internet by using network address translation (NAT) to conceal private IP addresses of LAN computers.

A firewall may prevent you from using particular Internet applications or visiting certain Web sites. Firewalls are sometimes combined with proxy servers, which act as intermediaries between users’ computers and Internet Web servers. They can also store copies of the Web sites you visit (called caching) so that when you or someone else on your LAN wants to visit that same site again, it can be downloaded more quickly from the proxy server (which is part of your local network) instead of from the Internet.

Some firewalls have built-in intrusion detection system (IDS) functions. If a firewall is like a guard at the gate who keeps undesirable traffic out of your network, an IDS is like a burglar alarm that alerts you when someone without authorization tries to get in. The IDS can recognize common attempted attack patterns and may be able to notify you via e-mail or pager if network activity resembles an attack. If not, it will log the information so you can track it later. More sophisticated IDS products are separate from the firewall. Like firewalls, IDS and IPS (intrusion prevention systems) can be either host-based (installed on your personal computer) or network-based (placed between the Internet and the LAN).

 

Protecting Against Viruses and Other Malware

Computer viruses do millions of dollars in damage every year, so it is absolutely essential that every computer that connects to a network have adequate virus protection. Antivirus software such as Symantec Norton Antivirus (information available at www.symantec.com/product/index.html), Trend Micro PC-cillin (information available at http://www.trendmicro.com/en/products/global/enterprise.htm) and Network Associates McAfee (information available at http://www.networkassociates.com/us/products/home.htm) are popular virus protection programs.

Installing antivirus software is not enough. New viruses are being written and released every day. According to Symantec’s Internet Security Threat Report of July 2004, more than 4000 new viruses and worms were discovered during the first half of 2004. You must update the virus definition files that are used by the antivirus programs to detect viruses on a regular basis. (If you have an always-on connection, you should update weekly or even daily.) Most antivirus programs can be set to automatically connect to the Internet and download updates on a set schedule.

You should ensure that a full virus scan is set to run at a regular time. You should perform a full system scan at least once per week. You might want to schedule scanning for late at night or some other time when you will not be using the computer. You should also turn on auto-protect and e-mail protection features for continuous protection.

 

Protecting Against Unwanted E-mail

Unwanted e-mail, like junk mail in physical mailboxes, probably can never be completely eliminated. However, there are several things you can do to reduce the amount of spam you receive, including general spam protection practices, using spam filtering services or software, and using sender verification systems.

General Spam Protection Practices

  • Do not give out your e-mail address indiscriminately. Spammers often collect addresses from Web forms or buy them from organizations that collect the information. When you fill out online registrations (for example, many online news sites require that you register before you can read the stories), leave the e-mail address blank or provide an alternate address. For more information on how spammers harvest addresses, see "Spam Address FAQ -- How To Fight Back" at http://laku19.adsl.netsonic.fi/era/spam/faq/spam-addresses.html.
  • Set up an alternate e-mail address that you can use for activities that require an e-mail address and that are likely to result in spam. There are many Web-based e-mail services that offer free e-mail accounts.
  • If you post to newsgroups or public mailing lists, leave your e-mail address out of your signature line. Some users alter their addresses in such a way that humans can discern the correct address but bots (software programs that scavenge for addresses) cannot. For example, they might insert extra letters or words that are obviously not part of the address: johnsmith@mycompany.removethis.com. This technique is called address munging. For more information, see "Address Munging FAQ: Spam-Blocking Your Email Address" at http://members.aol.com/emailfaq/mungfaq.html.
  • Do not reply to junk messages, even if they contain an address to write to requesting removal from the mailing list. This is a trick that is often used to verify that your e-mail address is valid.
  • If a message is obviously spam (for example, if the Subject: line reads “Cheap V*i*a*g*r*a”), do not open it. HTML messages can run scripts or contain beacons, which report back to the sender that you opened the message, verifying that your address is valid.
  • Report spam to services such as Spamcop at www.spamcop.net. These services compile lists of known spammers that can then be used by spam blocking software.


Using Spam Filtering Services and Software

A key factor in reducing the amount of unwanted e-mail that reaches your inbox is to use spam blocking software or services. Unwanted mail can be blocked in many ways, at many different levels. For example, you can enroll in services that route your e-mail through special servers so that it can be scanned for spam.

Spam can be blocked at the firewall level when it first enters the network, by edge firewalls that support application layer filtering. The incoming messages can be blocked by sender’s e-mail address or the Internet domain from which the message originates (useful for blocking known spammers) or by content (key words or phrases).

Many organizations and ISPs that run their own mail servers perform spam filtering at the server level. You can also run spam filtering software on your client computer to catch any spam that makes it past the firewall and/or server filters. Client filtering software typically places spam in a junk mail folder in your mailbox.

The biggest problem with spam filtering is the risk of false positives (legitimate mail that was misclassified as spam). Good filtering software allows each user to check the mail that has been quarantined as spam so that they can ensure that no legitimate mail was lost. Some filtering software uses so-called “intelligent” methods to determine what is and is not spam; these methods include examining the messages you mark as spam and “learning” from them. Good filtering software also allows you to configure lists of sender addresses whose mail should never be marked as spam, as well as lists of known spammer addresses.

 

Making Web Browsing More Secure

Many exploits, malware programs, spam schemes, and phishing scams make use of the Web to collect information. Early Web pages consisted of just text and graphics, but now sophisticated Web sites use programming embedded in the Web pages to create amazing special effects. These capabilities also create security issues. You can make Web browsing more secure by doing a few simple things:

  • Keep all security patches and service packs for your Web browser and operating system up to date. For example, SP2 for Windows XP increases Internet Explorer’s security and adds pop-up blocking and add-on management.
  • Configure your browser’s security settings for safe browsing.
  • Configure your browser’s privacy settings to avoid unwanted cookies and pop-up ads.
  • Be careful about which Web sites you visit. Sites devoted to illegal or questionable subjects, such as hacker sites, sites for downloading pirated music or software, and pornographic sites are most likely to contain malicious code.
  • Enable checking of digital signatures on drivers and other programs you download.
  • Do not conduct financial transactions or send private information over the Web unless the site is secure (which is usually indicated by a dialog box or a lock icon in the browser’s status bar).
  • Configure your browser to not automatically download ActiveX controls, or run scripts, Java applets, or other code. If you want to be able to run code on some sites, configure the browser to prompt you before doing so.

You can adjust the security settings for your Web browser software to make Web browsing more secure. You can test your Web browser software for common vulnerabilities and determine its encryption strength at the following Web sites:

 

Defending Against Social Engineers and Phishers

There are really only two steps involved in protecting yourself against social engineers who try to charm, intimidate, or trick you into giving them information or against phishers who try to steal your personal information:

  • Being aware of what is happening
  • Just saying no

You should be suspicious of people who ask you for your account name and password, computer name, IP address, employee ID number, or other information that could be misused. You should be especially suspicious if they attempt to charm you or intimidate you.

If you receive e-mail that claims to be from your bank, ISP, or an organization with whom you do business that requests information about your account, do not respond via e-mail or a Web page. Instead, call the organization and ask if the e-mail request is legitimate (do not use any telephone number listed in the e-mail; look up the number separately). Most organizations do not use e-mail for such correspondence. Do not click on links contained in e-mail messages to visit an organization’s Web site. Instead, manually type in the URL for the organization’s home page and navigate from there to your account logon site.

 

Tips for Creating Strong Passwords

One of the most important steps in computer security is creating strong passwords that cannot be easily guessed or deduced. Tips for creating strong passwords include the following:

  • Do not use personal information for your password. Social security numbers, driver’s license numbers, phone numbers, birth dates, spouse names, and pet names are all factual information that can be found out by others.
  • Do not use words that are in the dictionary, including words in foreign languages. Dictionary attacks try these words and combinations of them.
  • Do use a combination of uppercase and lowercase letters, numbers and symbols.
  • Do not substitute numbers for letters to make words (for example, s0ph1st1cated). Hackers are aware of this trick.
  • Generally, longer passwords are harder to crack because a brute force attack must try more combinations before finding a correct one. Windows XP allows up to 128 character passwords, although the Welcome screen only displays 12 characters at the password prompt. You can switch to the classic logon screen, or just keep typing the characters after the password field appears to stop accepting them.
  • Do not use sample passwords that you see in security articles or books, even if they are exceptionally complex.
  • Do use a combination of letters, numbers, and symbols that have meaning to you so you – but no one else – will be able to easily remember the password. For example, mfc!rB&G might mean “my favorite colors (!) are Blue and Green” to you, but to anyone else it looks like a random combination of characters.
  • Do select a password that you can type quickly, to minimize the chance of someone discovering it by watching over your shoulder when you type it. However, do not use common key sequences such as qwerty.
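The tips above can be turned into an automatic check, which also shows why swapping numbers for letters does not help: the swap is undone before the dictionary lookup. This is an added example, not part of the original article. The word list is a tiny stand-in, and the minimum length and the keyboard runs other than `qwerty` are assumptions the page does not specify.

```python
import re

# Assumptions for this sketch: a tiny stand-in word list, a minimum length the
# page does not specify, and a few keyboard runs besides the page's "qwerty".
WORDS = {"sophisticated", "password", "welcome", "dragon", "monkey"}
KEY_RUNS = ("qwerty", "asdfgh", "zxcvbn", "123456")
MIN_LENGTH = 12
PUBLISHED = {"mfc!rB&G"}          # the sample password printed in the tips above
# Undo the common digit/symbol-for-letter swaps before the dictionary lookup.
LEET = str.maketrans("013457@$!", "oieastasi")
CLASSES = (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]")


def check_password(candidate, personal=()):
    """Return the list of rules from the tips above that `candidate` breaks.

    `personal` holds facts about the user (names, dates, phone numbers).
    An empty list means no rule in this sketch objected.
    """
    problems = []
    lowered = candidate.lower()
    unswapped = lowered.translate(LEET)

    if candidate in PUBLISHED:                    # seen in a security article
        problems.append("published-sample")
    if len(candidate) < MIN_LENGTH:
        problems.append("too-short")
    if not all(re.search(c, candidate) for c in CLASSES):
        problems.append("missing-character-class")
    if any(run in lowered for run in KEY_RUNS):
        problems.append("keyboard-run")

    if any(word in lowered for word in WORDS):
        problems.append("dictionary-word")
    elif any(word in unswapped for word in WORDS):
        problems.append("substituted-word")       # e.g. s0ph1st1cated

    # Compare on letters and digits only so "2011-05-14" still matches "2011".
    squeezed = re.sub(r"[^a-z0-9]", "", lowered)
    for fact in personal:
        tokens = re.findall(r"[a-z0-9]{3,}", fact.lower())
        if any(token in squeezed for token in tokens):
            problems.append("personal-info")
            break
    return problems
```

The page's own sample `mfc!rB&G` is rejected as a published password, which is the point of the tip about not reusing passwords seen in articles.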

 

Keeping Your System Updated

Remember that operating systems and applications can have security vulnerabilities, and that hackers enjoy discovering and exploiting such vulnerabilities. When vulnerabilities are discovered (either by hackers or by legitimate testing processes), software vendors typically release add-on software to eliminate the vulnerabilities.

Keeping your system and applications updated is critical to the security of your computer and network.

Patches, Hotfixes, Service Packs and Critical Updates

Software releases that address particular security vulnerabilities are called patches or hotfixes. They should be downloaded and applied as quickly as possible after a vulnerability is discovered so that it cannot be exploited.

Service packs are released at longer intervals. They usually contain an accumulation of multiple fixes for different security issues, and may also add new features or components to the operating system or application.

Software vendors release many updates that are optional. You can apply them if you are having a particular problem or if you want the particular features that they add. Critical updates are those that address serious problems and should be applied to all affected systems.

How to Keep your System Up to Date

Microsoft makes it easy to keep their software up to date with the automatic update feature that is built into Windows XP. If your computer is connected to the Internet through your organization's LAN or other always-on connection (such as cable or a DSL broadband connection), Windows XP can automatically check for available updates and download and install them for you.

The automatic update feature is configured through the Control Panel and can be set to do everything automatically. It can also be configured to download updates automatically but let you choose when to install them, or to notify you when there are updates but not download or install them without your permission.

You can also check for updates by visiting the Windows Update Web site at http://windowsupdate.microsoft.com. To update Microsoft Office programs, see Office Update on the Microsoft Office Online page at http://office.microsoft.com/en-us/officeupdate/default.aspx.

To update third-party software products, visit the software vendors’ Web sites. Some third-party products will automatically check for updates when you run them if you are connected to the Internet.

 

Social Engineers: They're Out to Get Your Information

In computer security circles, the term social engineer refers to a hacker who, instead of using technical and programming skills to break into computer systems, uses people skills. The easiest way to "get in" on a computer or network is to log on with a valid user account and password, and social engineers have mastered the art of convincing other people to give them that sensitive information.

A social engineer is just an updated version of a very old type of criminal: the con artist. Social engineers con users into giving them information just like old time con men talked people into giving them money or goods. They may turn on the charm and flatter you, or they may come on strong and intimidate you. A common social engineering ploy is to call up an employee in a company and pretend to be from the IT department, claiming your account has gotten "messed up" and IT needs to "verify" your password or else you won't be able to log on to the network. Another tactic is to storm up to an employee's desk, pretending to be the company's new "head of security," and accuse him or her of releasing a virus onto the network or hacking into the big boss's files, then demanding the user's credentials in order to "check out" the employee's protestations of innocence.

The particular scenarios are limited only by the social engineer's imagination and patience. Some will spend days, weeks or even months building a relationship of trust (even a romantic relationship) with an employee - especially one with a high level of access or administrative credentials - in order to find out what they want to know. And they might not always need to ask for your password directly. Because many computer users choose passwords that represent something they'll remember easily (spouse's middle name, child's birthday), the social engineer may be able to discern enough info to guess your password just from learning such personal details.

We've talked about "phishing" here before: those e-mail messages you get that pretend to be from your bank or credit card company or eBay or PayPal, asking you to go to a Web site and type in your account information. Phishing is an e-mail form of social engineering. It doesn't rely on personal interaction as traditional social engineering attacks do, but it uses the same basic tactics: impersonation and deception aimed at making you reveal something that can be misused.

Social engineering is a growing problem because it's so difficult to defend against. Network administrators can put up firewalls or use access controls to protect against technology-based attacks, but the human factor is the weakest link. Social engineers take advantage of basic human nature: people like to be helpful, to provide information to those who seem to need it for legitimate purposes. People are also quick to provide information to defend themselves against false accusations. People don't give out sensitive information to hackers intentionally; they do it because they think they're doing the right thing.

The best way to keep from being taken in by a social engineer is to be aware of their techniques, and always be suspicious when someone asks you for your password. Network administrators should not need to know your password, even if they need to get into your account. A person who has an administrative account can simply change the password (without knowing the old one) and access your account with the new password. You should also pick your passwords carefully and never use personal info as the basis for your password.

 

How to Avoid Spyware

What is spyware?

Spyware is software that is installed on your computer without your permission. It often tags along with free software you have downloaded or comes from "infected" web sites and/or links. The most common source of spyware is file sharing software (Kazaa, Blubster, etc.). Even innocent free programs will come with spyware. In fact, it is best to assume that if the software is free, it comes with spyware attached.

Its purpose is to report your browsing habits (web sites you’ve visited) to the publisher of the spyware software. They use this information to present pop-ups that match your interests. Sometimes the information gathered is also used to send you spam.

Spyware can interrupt your network connection, slow down the performance of your computer and prevent legitimate software (such as Internet Explorer) from working properly.

How is spyware different from adware?

They are essentially the same thing. The primary difference is that adware is used to pop up ads that are meant to be meaningful to you, whereas spyware may pop up ads that are offensive or have nothing to do with your interests. Both are annoying and can overwhelm your browser with pop-ups. Adware typically does not insert itself into your computer operating system as thoroughly as spyware.

Are cookies considered spyware?

Cookies are used in a manner similar to adware and spyware. They report information about you back to the publisher of the cookie. Many, many web sites use cookies. Respectable sites, such as Amazon.com, use cookies responsibly. They only store information directly related to the use of their web pages. For example, it is used to suggest products based on your past purchases. Other sites gather more information than they should. Cookies can easily be deleted and they can be recreated when you revisit the site.

How to avoid spyware

  1. Do not click on banners that appear at the top of web pages, even if they look like a fun game, say you are a winner, or claim they are going to help you correct a potential problem on your computer (your clock is wrong, you have spyware, etc.).
  2. Do not download free software. If you must use free software, be as selective as possible and only install that which is completely necessary. Use trustworthy web sites.
  3. Do not click on AIM or MSN profile links unless you are certain they are real. Ask your friend if they know the link is there before you click on it.
  4. Do not follow links in spam e-mail messages. They often take you to sites that install spyware on your computer.
  5. Music/file sharing software is a pipeline to spyware, viruses and hackers. Is it worth it?
  6. Make sure to run an antispyware application. Perform on-demand scans regularly to root out spyware that slips through the cracks. Reboot after removal and rescan to make sure no ticklers, which are designed to reinstall spyware, have resurrected any deleted apps.
  7. Give your antispyware some backup. In addition to an antispyware app, make sure to run both software and hardware firewalls and antivirus applications to protect yourself against Trojan horses (and viruses, naturally).
  8. Beware of peer-to-peer file-sharing services. Many of the most popular applications include spyware in their installation procedures. Also, never download any executables via P2P, because you can't be absolutely certain what they are. Actually, it's a good idea to avoid downloading executables from anywhere but vendors or major, well-checked sites.
  9. Watch out for cookies. While they may not be the worst form of spyware, information gathered via cookies can sometimes be matched with information gathered elsewhere (via Web bugs, for example) to provide surprisingly detailed profiles of you and your browsing habits.
  10. Squash bugs. Web bugs are spies that are activated when you open contaminated HTML e-mail. Get rid of unsolicited e-mail without reading it when you can; turn off the preview pane to delete messages without opening them. In Outlook 2003, Tools | Options, click on the Security tab and select Change Automatic Download Settings. Make sure Don't download pictures or other content automatically in HTML e-mail is checked.
  11. Don't install anything without knowing exactly what it is. This means reading the end-user license agreement (EULA) carefully, as some EULAs will actually tell you that if you install the app in question, you've also decided to install some spyware with the software. Check independent sources as well, as some EULAs won't tell you about spyware.
  12. Protect yourself against drive-by downloads. Make sure your browser settings are stringent enough to protect you. In IE, this means your security settings for the Internet Zone should be at least medium. Deny the browser permission to install any ActiveX control you haven't requested.
  13. Keep up to date on the ever-changing world of spyware. Knowing the threat will help you defeat it. There are several great sites you can visit to keep abreast of this issue. PestPatrol's Research Center (www.pestpatrol.com/pestinfo) has one of the most comprehensive lists of spyware and related threats we've seen.

How to detect and remove spyware

There is no one software product that will detect and remove all spyware. Until better anti-spyware software is developed, the best you can hope for is to manage the problem. The following two applications are very effective, and highly recommended.

  • Spybot Search and Destroy: Spybot Search and Destroy is adaptable for both beginning and power users, and it's a great way to keep your home PC free of spyware. Best of all: it's free.
  • Ad-aware: If you're a penny-pincher, the free version is a good choice for spyware protection.

Removing spyware may disable the software it tagged along with. In some cases the spyware cannot be removed until the free software it came with is also removed.

 

10 Signs that Your Computer has Spyware
  1. Your phone bill includes expensive calls to 900 numbers that you never made—probably at an outrageous per-minute rate.

  2. You enter a search term in Internet Explorer's address bar and press Enter to start the search. Instead of your usual search site, an unfamiliar site handles the search.

  3. Your antispyware program or another protective program stops working correctly. It may warn you that certain necessary support files are missing, but if you restore the files they go missing again. It may appear to launch normally and then spontaneously shut down, or it may simply crash whenever you try to run it.

  4. A new item appears in your Favorites list without your putting it there. No matter how many times you delete it, the item always reappears later.

  5. Your system runs noticeably slower than it did before. If you're a Windows 2000/XP user, launching the Task Manager and clicking the Processes tab reveals that an unfamiliar process is using nearly 100 percent of available CPU cycles.

  6. At a time when you're not doing anything online, the send or receive lights on your dial-up or broadband modem blink just as wildly as when you're downloading a file or surfing the Web. Or the network/modem icon in your system tray flashes rapidly even when you're not using the connection.

  7. A search toolbar or other browser toolbar appears even though you didn't request or install it. Your attempts to remove it fail, or it comes back after removal.

  8. You get pop-up advertisements when your browser is not running or when your system is not even connected to the Internet, or you get pop-up ads that address you by name.

  9. When you start your browser, the home page has changed to something undesirable. You change it back manually, but before long you find that it has changed back again.

  10. And the final sign is: Everything appears to be normal. The most devious spyware doesn't leave traces you'd notice, so scan your system anyway.

 

Contact SouthEast Telephone Published: 02/26/2007