Paul Ducklin’s thoughtful blog on “Taxation scammers open the batting for 2010” highlights a tax phish that manages to get round the “why should I click on that link when that isn’t my bank?” issue by offering a choice of bank links, all of which lead to a clone site. Neat, and “transitive phishing” is a good label for it. But the answer is the same. Don’t trust a link in email (are you listening, eBay?). Go to a URL you know you can trust, and if that means typing it in by hand, do that.
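The two-stage pattern described above has a simple tell: several differently branded “bank” links that all resolve to one host that is not any bank’s. The following is an added example (not code from the original post or from either blogger) that pulls the links out of an HTML message body and reports when that happens. The allowlist of known-good hosts and the two HTML fragments are constructed for illustration.

```python
# Added example (not from the original post): flag a "choose your bank" page
# or e-mail whose bank-branded links all lead to one unrelated host, which is
# the two-stage site-spoofing pattern described above.
from html.parser import HTMLParser
from urllib.parse import urlparse

# Hypothetical allowlist: hosts a user would actually type in by hand.
KNOWN_GOOD_HOSTS = {"www.examplebank.example", "online.otherbank.example"}


class LinkCollector(HTMLParser):
    """Collect (anchor text, href) pairs from an HTML fragment."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:          # only text inside an <a>...</a>
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None


def link_host(url):
    """Lower-cased hostname of the link target ('' for relative or non-URL hrefs)."""
    return (urlparse(url).hostname or "").lower()


def find_transitive_phish(html):
    """Return which links point off the allowlist and whether two or more
    differently labelled links collapse onto a single unknown host."""
    parser = LinkCollector()
    parser.feed(html)
    suspicious = []
    for text, href in parser.links:
        host = link_host(href)
        if host not in KNOWN_GOOD_HOSTS:
            suspicious.append({"text": text, "host": host})
    unknown_hosts = {s["host"] for s in suspicious}
    labels = {s["text"] for s in suspicious}
    collapsed = len(labels) >= 2 and len(unknown_hosts) == 1
    return {"suspicious": suspicious, "collapsed_to_one_host": collapsed}


# Constructed sample: three "bank" choices, one cloning host behind all of them.
SAMPLE_PHISH = """
<p>Select your bank to claim your refund:</p>
<a href="http://refund-portal.example.net/login?bank=a">Example Bank</a>
<a href="http://refund-portal.example.net/login?bank=b">Other Bank</a>
<a href="http://refund-portal.example.net/login?bank=c">Third Bank</a>
"""

# Constructed sample: links that go where their labels say they go.
SAMPLE_LEGIT = """
<a href="https://www.examplebank.example/">Example Bank</a>
<a href="https://online.otherbank.example/">Other Bank</a>
"""

if __name__ == "__main__":
    print(find_transitive_phish(SAMPLE_PHISH))
    print(find_transitive_phish(SAMPLE_LEGIT))
```

The check deliberately keys on the host, not on the anchor text or the page styling, because the whole point of the clone is that everything visible looks right; only the destination the link actually carries gives it away.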
Update: Dmitry Bestuzhev has pointed out to me that he blogged on this scam a day before Duck’s blog was posted. Indeed he did, but it was the two-stage site-spoofing that I found interesting, rather than the fact that it’s a tax scam. Still, he’s right that it’s worth noting in itself that there is another round of tax scams, and the Analysts Diary blog is certainly a resource worth keeping an eye on.
David Harley FBCS CITP CISSP
Chief Operations Officer, AVIEN
Director of Malware Intelligence, ESET