Home > All, Security Issues > Psychology, social engineering, phishing and the taxman

Psychology, social engineering, phishing and the taxman

Do you need any further proof that the modern cybercriminal is a thinking animal? OK. There are two current spam/phishing campaigns I am particularly aware of: one aimed at the US and one aimed at the UK. Both are centred on the taxman.

I first reported on the UK campaign at the end of last month: The Inland Revenue owes me money. Hurrah!.

Tax phishing in the UK

But simultaneously there is a tax phishing campaign underway in the USA. This from Websense:

Websense Security Labs™ ThreatSeeker™ Network has detected a wave of tax-themed malicious email.  While the tax theme in spam email is common all year round, it is interesting to see the different strategies malicious authors use in their campaigns.

We have seen reports last June about email with the subject “Notice of Underreported Income”.  Today, we have seen a couple of email having the same subject but with different attack strategies.
2010 Tax-Themed Malicious Emails

Tax phishing in the USA

Notice the different themes. In the UK, the taxman is generally seen as the possible source of a windfall. In the US, the taxman is a figure of fear, more likely to deliver a penalty or a criminal action than anything else. The phisher is playing on the hopes of the UK citizen, and the fears of the US citizen. Psychology is an important part of social engineering.

Categories: All, Security Issues
  1. No comments yet.
  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s