Beware emails that sound too good to be true
A new phishing scheme is promising tax refunds in the amoutn of over $500 to recipients of the scam. Sophos has an advisory. It looks pretty devious – asking people to type in the link address (or copy and paste) and using URL redirect to make it use an official site to then redirect to the phony site.
Apparently, the site claims that your refund may have been delayed and you have 12 days to claim it. And, of course, you need to provide Social security number and credit card information. The bottom line is this…. if you have a solicitation (phone/email/cold caller) that CLAIMS to be representing a company or organization. Contact that company to verify it’s validity. NEVER use information provided by the person making contact to do so… (links in emails, phone numbers/web sites a phone solicitation gives).
A few nights ago we had a call looking for donations from what would seem to be a good cause. I interrupted though and told the caller that I never gave to phone solicitations without looking into the group/organization that was calling. I got the name of where she was calling from and she invited me (of course) to get more information from their website. I haven’t yet set down to look them up but you can bet I’ll take the website she gave with a big grain of salt.
Be cautious.
–update–
Also covered at the Register. While the official US Govt. site used in the attack was not compromised. It is configured in a way to allow redirects such as the one they phishers used. So far I haven’t seen the link itself, all I’ve seen are munged screenshots.