Phishers target UK taxpayers


Johannesburg, 28 Nov 2008

E-mail users are reminded to be vigilant following the discovery of a phishing campaign that seeks to capitalise on news that the UK chancellor is expected to introduce pre-budget tax cuts, says Brett Myroff, CEO of regional Sophos distributor, Sophos South Africa.

Samples intercepted by SophosLabs claim to come from the UK Government & Ministry of Finance, and offer to return tax to “every man aged between 30 and 55 years”. Unsuspecting users who wish to take advantage of the offer of £450 to £650 for 'family maintenance' are directed to a Web page that asks for information such as age, marital status and number of children. This information can then be used by fraudsters to build identity profiles.

"At a time when many people will be uncertain about their finances and job security, cyber-criminals have clearly been quick to take advantage of the situation," says Myroff.

While the British government is expected to make announcements relating to recession-busting tax cuts, it is generally advisable to monitor official channels in these circumstances and to ignore any unsolicited e-mails asking for personal details, he adds.

“This campaign, coming in the run-up to Christmas, also takes advantage of the trend for special offers and vouchers to be circulated via e-mail. Again, all computer users should do their best to stay mindful of the risks.”

Coffee to go

This week also saw the identities of 97 000 employees of Starbucks put at risk after a laptop was stolen at the end of October. It's unclear why the coffee house giant waited four weeks before informing its workforce. The incident, which was only made public this week, is not the first time that Starbucks has reportedly lost laptops containing information about employees.

In the latest security breach, names, addresses and social security numbers are said to have been stored on the lost laptop.

Starbucks says it has informed the police, and is working with a credit-watching service to warn if employees' credit rating should suddenly change (a possible indication of identity theft).

“In these instances, if data on a computer's hard disk is properly encrypted, there would be a lot less to worry about,” says Myroff.

Spammer sentenced

Also making the headlines is Adam Guerbuez, the Montreal-based spammer, who has been landed with an $873 million judgment by a district court in San Jose, US, after sending more than four million spam messages to users of the Facebook system. Guerbuez sent messages promoting marijuana and sexual enhancement drugs.

According to Facebook, Guerbuez stole the username and password details of Facebook members, and then used infected computers under his control to automatically log into the profiles and spew out spam.

Social networking spam has been on the rise this year as cyber-criminals have realised that social networking users can be more easily fooled into clicking on a link that appears to have come from a Facebook friend than if it arrived via regular e-mail, says Myroff.

While Facebook takes steps to better protect its users, hackers will no doubt continue to seek out new vectors of attack. Ultimately, the onus is on the individual user to exercise caution when using the site and when clicking on unknown links.

“Spam via social networks like Facebook is only possible because users are not being careful enough about protecting their usernames and passwords on the site, and defending the security of their personal computers,” Myroff adds.

“Hackers are keen to steal the usernames and passwords of Facebook users as it makes it easier for them to spam out convincing messages to a victim's network of friends. You should not only choose a complex, hard-to-guess password for these sites, but also defend your computer with up-to-date anti-virus software and security patches.”
