

EGeezer
Summertime
Premium
join:2002-08-04
Midwest

[Phish] Phish email - fake INTUIT "request to update tax in

Text of email, message source: 212.170.188.194

designed to fool recipients who may have TurboTax or use Intuit's other services or products:

Dear Sir/Madam,

In order to guarantee that accurate information is being sustained on our systems, as well as to be able to grant you better quality of service; INTUIT INC. has partaken in the Internal Revenue Service [IRS] Name and TIN Matching Program.

It appears that your name and/or Taxpayer Identification Number, that is specified on your account is not in compliance with the data obtained from the IRS.

In order to enable INTUIT INC. to update your account, please enter the secure section.

Best regards,
INTUIT INC.

Corporate Headquarters
2632 Marine Way
Mountain View, CA 94043



link provided goes to phish site hxxp:// nzbridge.co.nz/iSWRFbUF/index.html (link broken for safety)

The target page appears to have been removed, but may be hosted elsewhere. Appears to be similar to »/phishtrack?pi···ontent=1


nwrickert
sand groper
Premium,MVM
join:2004-09-04
Geneva, IL

Re: [Phish] Phish email - fake INTUIT "request to update ta

Several of these have been submitted to phishtracker.

They are similar to others for NACHA, BBB and other organizations.

As best I can tell, the web pages are using malicious JavaScript. It is probably an attempt to take over your computer, rather than an ordinary phish.

I am using "NoScript" on Linux. If I disable "NoScript" on one of these that is still active, the browser appears to loop, consuming lots of CPU time.
--
AT&T Uverse; Zyxel NBG334W router (behind the 2wire gateway); openSuSE 12.1; firefox 9.0.1


Doctor Four
My other vehicle is a TARDIS
Premium
join:2000-09-05
Dallas, TX

reply to EGeezer
I've seen multiple attempts at getting malware installed through fake NACHA & BBB emails in my Yahoo spam folder.

I've run linked URLs through URLVoid on a few of these, but they all came up clean. I think that is because the initial link is a redirect to a malicious site, one usually hosting the Blackhole exploit kit.

Now when I see one I just delete it.
--
I, for one, welcome our new Computer Overlords.
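
The point in the post above, that a scanner given only the first link can come up clean, shown as an added example that is not part of the thread: it walks a recorded redirect chain (HTTP 3xx and meta refresh only) and lists every host that needs a reputation lookup. The URLs, responses and function names are constructed for illustration.

```python
import re
from urllib.parse import urljoin, urlsplit

# Constructed responses keyed by URL: (status, headers, body). The hosts are
# reserved example names, not real sites.
SAMPLE_RESPONSES = {
    "http://compromised-site.example/landing/index.html": (
        200, {}, '<meta http-equiv="refresh" content="0; url=http://hop.example/r.php">'),
    "http://hop.example/r.php": (
        302, {"Location": "http://kit-host.example/main.php?page=1"}, ""),
    "http://kit-host.example/main.php?page=1": (200, {}, "<html>landing</html>"),
}

META_REFRESH = re.compile(
    r'<meta[^>]+http-equiv=["\']?refresh["\']?[^>]*content=["\'][^"\']*?url=([^"\'>\s]+)',
    re.IGNORECASE)


def next_hop(url, status, headers, body):
    """Return the URL this response sends the browser to, or None."""
    if 300 <= status < 400 and "Location" in headers:
        return urljoin(url, headers["Location"])
    match = META_REFRESH.search(body)
    if match:
        return urljoin(url, match.group(1))
    # Script-driven redirects are not handled here; those need a sandboxed browser.
    return None


def redirect_chain(start_url, responses, max_hops=10):
    """Follow recorded redirects from start_url; stop on loops or unknown URLs."""
    chain, seen, url = [], set(), start_url
    while url and url not in seen and len(chain) < max_hops:
        chain.append(url)
        seen.add(url)
        if url not in responses:
            break
        url = next_hop(url, *responses[url])
    return chain


def hosts_to_check(chain):
    """Unique hostnames in hop order; each one needs its own reputation lookup."""
    hosts = []
    for url in chain:
        host = urlsplit(url).hostname
        if host and host not in hosts:
            hosts.append(host)
    return hosts
```
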


Monday, 04-Jun 08:45:46 Terms of Use & Privacy | feedback | contact | Hosting by nac.net - DSL,Hosting & Co-lo
over 12.5 years online © 1999-2012 dslreports.com.