[NSR] Tax scam / virus Alert

agrogod
Member
Posts: 1156
Joined: Mon Jul 19, 2010 9:29 pm
Location: Rancho Cordova, CA

Post by agrogod »

And as the year starts the scammers are hard at work trying to take what is left of our hard-earned money. I have been receiving and evaluating the Nigerian scams for years now, as well as many of you have also, to know this newest one has SCAM/VIRUS written all over it.
It came through as an email from the IRS, with little description as to why I would be receiving it, and again as in the past no personal info to identify me.
Below is a copy of that email and what to look out for should you get it.

************************************************************
Federal tax report #ID6073 <- Not my federal tax ID #

From: "Internal Revenue Service" <pustomer@irs.gov> <-seriously, pustomer

To:
Sent: Sat, Jan 07, 2012 11:19 AM
Tax_Refund.zip (52KB) <- A zip file attachment DO NOT OPEN



Notice,

The analysis of the last annual calculations of your fiscal activity has indicated that
you are entitled to receive a tax refund of $113.89 <-You mean my last IRS filing
Please submit a request of the tax refund and a processing of the request will take 7-14 days.
A tax refund can be delayed by different reasons.<-Only thing they got right is the delay part
For instance submission of invalid records or sending after the deadline.

Please find the form of your tax refund attached and fill out it and send a report. <-I thought it was a request

Regards,
IRS. <-I guess 'Robert Mueller' got tired of signing

************************************************************
As you know from filling out tax returns in the US the IRS does not tell you you have a refund they owe you. You have to find out about it either accidentally or through a CPA. When you owe them money then they show up beating down your door with audit papers in hand.

Be careful when receiving any emails of this type, and NEVER, EVER open any attachments even if it looks like it is from a trusted source.
"When your mouth is yapping your arms stop flapping, get to work" - a quote from my father R.I.P..
always start with the simple, it may end up costing you little to nothing
Syd
Member
Posts: 4686
Joined: Wed Jul 18, 2007 6:41 am
Location: Tempe

Post by Syd »

receiving and evaluating
Are you interested in security or scammers? If not take this bit of advice:
  • Unless you have initiated an email conversation with them, if you get an email from the IRS - it's not from the IRS. Delete it.
    Unless you are a subscriber to a newsletter from them, if you get an email from Microsoft - it's not from Microsoft. Delete it.
    In fact, unless you have requested the email or it comes from a known source like family or friend - just delete it.
I'll go further. If the email has an attachment that you were not expecting, just delete it. If it came from your mom, email her back to confirm that she sent you the file. The IRS, Microsoft, McAfee and the rest, are not likely to send you an email with an attachment. They are going to send you a download link.

And, since I have run into this at my work, if you are browsing the intertubes and a popup appears warning you about a possible infection - don't click on any buttons to close the popup. Close your browser immediately. Whatever you lose on a Facebook update pales in comparison to what you will lose if you click on any button, including the little red X.
The majority is always sane - Nessus
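The red flags annotated in the quoted message and the rule of thumb in the reply above, written as a mail-triage check. This is an added example, not part of either post; the sample message is constructed from the quoted text, and `triage`, `known_senders` and the `RISKY_EXT` list are assumptions.

```python
from email.message import EmailMessage
from email.utils import parseaddr

# Assumption: attachment extensions worth flagging on sight.
RISKY_EXT = (".zip", ".rar", ".7z", ".exe", ".scr", ".js")

def build_sample():
    """Constructed message modelled on the quoted e-mail; the attachment is placeholder bytes."""
    msg = EmailMessage()
    msg["From"] = '"Internal Revenue Service" <pustomer@irs.gov>'
    msg["Subject"] = "Federal tax report #ID6073"
    # No To: header is set, matching the empty "To:" in the quoted message.
    msg.set_content(
        "Notice,\n\nPlease find the form of your tax refund attached "
        "and fill out it and send a report.\n\nRegards,\nIRS.\n"
    )
    msg.add_attachment(b"placeholder, not a real archive",
                       maintype="application", subtype="zip",
                       filename="Tax_Refund.zip")
    return msg

def triage(msg, known_senders):
    """Return the reasons a message matches the pattern described in the thread."""
    reasons = []
    # The From header is forgeable, so a plausible domain (irs.gov) proves nothing.
    # It is only used to ask: did I start a conversation with this address?
    _, addr = parseaddr(str(msg.get("From", "")))
    unsolicited = addr.lower() not in known_senders
    if unsolicited:
        reasons.append("sender not in known correspondents")
    if not msg.get("To") and not msg.get("Cc"):
        reasons.append("no visible recipient")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if name.endswith(RISKY_EXT):
            reasons.append(f"risky attachment: {name}")
        elif unsolicited:
            reasons.append(f"unexpected attachment: {name or 'unnamed'}")
    return reasons

if __name__ == "__main__":
    for reason in triage(build_sample(), known_senders={"mom@example.com"}):
        print("FLAG:", reason)
```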
agrogod
Member
Posts: 1156
Joined: Mon Jul 19, 2010 9:29 pm
Location: Rancho Cordova, CA

Post by agrogod »

All good points. This one was new for this year so thought I would share for all interested.
jprestonian
Member
Posts: 475
Joined: Sat Mar 26, 2011 3:47 pm
Location: Smyrna, TN
Contact:

Post by jprestonian »

I'll just put in a plug for the free Avira AV software, here. I've used it for years, and it catches stuff like this for you rather well.

Funny story that happened the other day: I started visiting a site where someone posts a lot of that Blingee garbage, which is an eyesore, to be sure. Chrome would let me add the domain to the blocked images list, but it didn't block the freakin' images. Being an old-schooler, I decided I'd just put an entry in my hosts file to point it to 127.0.0.1, which I did... and then Avira jumped up when I tried to save the hosts file: "Something is attempting to modify your hosts file!!!!! DANGER!!!!" Awesome. Best of all, there was no way to immediately override this and allow the file to save -- I had to go into Avira, shut off the hosts file protection, save the file, then turn it back on.

It's a good product, and you can't beat free.
JHScoot
Member
Posts: 2745
Joined: Tue Jul 13, 2010 11:05 pm
Location: Los Angeles

Post by JHScoot »

simple never ever respond to unsolicited emails of this nature, period. much less open them

i use Avira as well. good stuff, and free :)
Riding is riding
Syd
Member
Posts: 4686
Joined: Wed Jul 18, 2007 6:41 am
Location: Tempe

Post by Syd »

Antivir is good, McAfee sucks.
McAfee is good AVG sucks.
AVG is good, Antivir sucks.
You get the idea.

Fact is, every real antivirus tool is good, and every one of them sucks, and none of them is likely to stop a trojan (like Antivirus 2012, or others of its ilk) because Antivirus 2012 is an application that you choose to install when you click on the deceivingly named button. Which means browsing habits are your first and last best line of defense. Turn on your browser's popup blocker, remove all the toolbars, and when you see a suspicious popup message -

Close your browser.
agrogod
Member
Posts: 1156
Joined: Mon Jul 19, 2010 9:29 pm
Location: Rancho Cordova, CA

Post by agrogod »

This wasn't intended to tout which anti was better or worse or who can close their browser faster, just some info to help educate. There are still individuals that get spooked when seeing something like this and inadvertently open an attachment, click a link, respond to a supplied email.

Bottom line is this, if you get an email that states you have money coming to you it's bunk.
And if you want to learn more about scams like this Google "Robert Mueller scam" without the quotes.
JHScoot
Member
Posts: 2745
Joined: Tue Jul 13, 2010 11:05 pm
Location: Los Angeles

Post by JHScoot »

Syd wrote: Ya got me. I thought this was a pretty calm discussion. We hadn't started talking about which gas is best, or which oil to use or what gear to wear.
Yet.
:wink:
yeah with all due respect this thread is calm and on topic. if someone posts a thread on the internet about viruses / bots sending out scam mail (which is what happened here no one sends these things personally) then some are going to post potential solutions

it's not a big leap to say "try this anti virus" and "never open unsolicited emails" as suggestions to those reading
Tocsik
Member
Posts: 1918
Joined: Mon Jun 02, 2008 8:40 pm
Location: Denver

Post by Tocsik »

And now, back to our regularly scheduled discussion of scooters................

Thanks for the heads-up on the malware but I sure see this discussion getting waaaay out of hand.


Yay scooters!
.::I know the voices in my head aren't real, but man do they come up with some great ideas::.
agrogod
Member
Posts: 1156
Joined: Mon Jul 19, 2010 9:29 pm
Location: Rancho Cordova, CA

Post by agrogod »

^Yeah I opened a can-o-worms with this one. With so many of the MB members relating stories of how they got their scooters stolen, something that just hits a real sore spot with me, just thought I'd give this as a heads up so nobody gets caught up in this new perversion.
So powers that be if you want to lock this thread please feel free to do so.
Syd
Member
Posts: 4686
Joined: Wed Jul 18, 2007 6:41 am
Location: Tempe

Post by Syd »

Ya got me. I thought this was a pretty calm discussion. We hadn't started talking about which gas is best, or which oil to use or what gear to wear.



Yet.
:wink:
LunaP
Member
Posts: 1152
Joined: Mon Oct 03, 2011 3:17 am
Location: Richmond, VA

Post by LunaP »

So.

I've been gone for a week or so because just a few days after this was posted, I came down with a virus. I don't know how I got it, except that it was a 'drive-by' trojan I picked up somewhere on the interwebs. Lokky left for Israel, two days passed and I go to my first night off and I told myself I'd keep occupied by catching up on tv shows... 6 hours later while I'm watching TrueBlood, everything starts shutting down and then a bogus pc scan starts running, tells me my entire computer is borked and if I pay them some money for their magic software they can fix it. It ran at startup, even in safe mode.

Luckily I have a friend who works in IT and is apparently very familiar with this type of trojan who came over and removed it for me. It got past my Norton and AdAware, so my new philosophy is to never have just ONE kind of protection on my computer!! (this is the real point of my addition to the conversation)
Syd
Member
Posts: 4686
Joined: Wed Jul 18, 2007 6:41 am
Location: Tempe

Post by Syd »

Glad your friend was able to get rid of it for you...

But read my earlier posts in this thread to get my thoughts on this subject.
pdxrita
Member
Posts: 851
Joined: Sat Jul 04, 2009 2:57 pm
Location: Portland, OR

Post by pdxrita »

LunaP wrote: So.

I've been gone for a week or so because just a few days after this was posted, I came down with a virus. I don't know how I got it, except that it was a 'drive-by' trojan I picked up somewhere on the interwebs. Lokky left for Israel, two days passed and I go to my first night off and I told myself I'd keep occupied by catching up on tv shows... 6 hours later while I'm watching TrueBlood, everything starts shutting down and then a bogus pc scan starts running, tells me my entire computer is borked and if I pay them some money for their magic software they can fix it. It ran at startup, even in safe mode.

Luckily I have a friend who works in IT and is apparently very familiar with this type of trojan who came over and removed it for me. It got past my Norton and AdAware, so my new philosophy is to never have just ONE kind of protection on my computer!! (this is the real point of my addition to the conversation)
Ah yes, the old fake anti virus. That's the worst stuff going around right now. It gets through AV software for a couple of reasons: 1) The files that are distributed morph on a daily basis, which outwits standard file identification techniques used by AV manufacturers, 2) AV vendors tend to treat this sort of thing as something that you intentionally installed, so they don't add it to their definitions. As for how you got it, you can get it just about anywhere. Since most major websites pull their ads from other sources, such as Google Ads, they really don't have control over the content of their sites.

As for running more than one protection, I'd caution you against that. You can run one AV and one Anti Spyware, but if you run more than one of a given type, you'll slow your computer to a crawl since those multiple programs will compete to scan each and every file you access. I'm an IT professional and a former employee of a major AV vendor, so I have some expertise in this area. Glad your IT friend was able to save the day for you.