04 November 2008

stimulus payment phish

criminals will phish anything. heres a new phish going around that purports to be from the internal revenue service but in the emails "from" line it says: bvs credit union.

click picture to enlarge
when you mouse over the hyperlink that says "click here" (in blue) and look down in the status bar you see the link doesnt contain the irs.gov domain like you would expect -- instead it goes to a website whose domain is tel.artwifi.net

when you do a whois of that domain, you see its hosted by a company in belgrade, serbia. if you would have clicked on the link and filled in the form with your personal information, etc. you would have been giving the criminals your name, social security number, banking information and who knows what else.