Saturday, September 02, 2006

Ye shall be phishers of children


Yesterday morning I received this interesting phishing attempt:

From: IRS.gov
To: xxxxx@att.net
Subject: Tax Information - xxxxx@att.net - (Code xxxx-xxxx)
Date: Fri, 1 Sep 2006 01:39:47 +0000



Account : xxxxx@att.net Number : xxxx

After the last annual calculations of your fiscal activity we have determined that you are eligible to receive a tax refund of $191,40. Please submit the tax refund request and allow us 5-7 days in orders to process it.

A refund can be delayed for a variety of reasons. For example submitting invalid records of applying after the deadline.

To access the form for your tax refund, please click here.

Regards,
Internal Revenue Service

Now, I get lots of phishing attempts -- I'm sure you do, too. And this one isn't even well done -- the use of comma instead of decimal point in the monetary amount is something you'd think the offshore phishers would have wized up to by now, and then there are the two typos and the grammatical error. But anyway, why I am highlighting this phishing attempt?

One thing I like to do -- I don't know if you do or not -- is take a peek at the target link, just to see who it is out there trying to steal my personal information*. And there was something interesting about this one. To begin with, this phisher made an unusually devious attempt to conceal the true link:

http://rds.yahoo.com/_https://sa1.www4.irs.gov/irfof/lang/en/
irfofgetstatus.jsp?1111/**http://www.dekdi.com/WysiwygPro/irs

He used Yahoo's redirection service and then managed to work in the domain name irs.gov, to make it look as authentic as possible. But if you tease it apart, you'll find it points to a subdirectory -- suitably disguised as an offical IRS page and of course asking for your SSN, credit card number, and ATM PIN -- on this very interesting Web site:

http://www.dekdi.com/

You can click on it -- it's safe.

It turns out that the people trying to steal my identity also operate the Anuban Dekdi "Good Children Kindergarten and Primary School" in Phontong, Thailand. There's a picture of an Thai couple and a tall blond Caucasian man fronted by a row of children in colorful Thai costumes. There are also pictures of teachers and classrooms. Not to mention the notice, under Terms and Conditions, that "Feeding head master's eco pigs is voluntary." Good to know.

Speaking of good to know, I wonder if the parents whose children are being educated there know that their headmaster is party to a despicable and heinous crime. Or if the headmaster himself even knows. And if he doesn't, am I morally obligated to let him know?

I apologize for this uninspired post. I was just struck by the juxaposition of phishing and educating children.

* Do I need a life?

Comments:
the link said the account was suspended! no pig pictures for me! lol.

i agree that the whole phishing thing is out of control.

sometimes, they hit it right, though, and i almost fall for it.

for example, i was trying to change some info with my bank and i got a "confirmation of bank info" note from that very bank. only it wasn't.

i looked at the weird phrasing and bogus url, of course. but still...
 

Post a Comment





<< Home

This page is powered by Blogger. Isn't yours?