Phishers Targeting Your Tax Dollars -- Redmondmag.com

Phishers Targeting Your Tax Dollars

By William Jackson
06/02/2008

A new phishing scam is targeting debit-card accounts used to deliver government benefits payments in 15 states.

E-mails, phone text messages and so-called "vishing" voice-mail messages ask recipients to confirm or update EPPICard account data, directing them to a phony Web site. Once the scammers have gathered the account information, they can drain money from the benefits account.

"They are apparently targeting government payments" such as food stamps and child support payments, said Marc Salomon, a researcher at Cloudmark, an anti-spam company in San Francisco that noticed the attacks earlier this month. "It is the taxpayer who is footing the bill," he said, because the compromised accounts are held by states, not financial institutions.

EPPICard is a magnetic-stripe debit card branded by MasterCard or Visa to access benefits accounts. The cards are used by Florida, Georgia, Illinois, Indiana, Mississippi, Nevada, New Jersey, New York, North Carolina, Ohio, Oklahoma, Pennsylvania, Texas, Utah and Virginia. Each state uses the card to deliver the types of benefits payments it chooses. When a payment has been credited to the account, the holder uses the debit card for purchases and the payment is deducted from the account. Holders also can get cash back from a purchase and withdraw cash at banks and automated teller machines.

The e-mails apparently come from the address [email protected] and direct victims to a phony Web site. "They are hosted on servers around the world," Salomon added.

EPPICard has posted a warning on its Web site of phishing and vishing attacks. "We will never request your personal information, such as a Social Security number, card number or PIN through any of these methods," the company said.

Cloudmark has spotted about 20 of the phishing e-mails and said that number is probably just the tip of iceberg. There is no indication the e-mails are specifically targeting EPPICard users, said Adam O'Donnell, Cloudmark's director of emerging technology. But he said this type of attack against a niche target is likely to become more common as larger targets such as banks and services such as PayPal become over-phished.

About the Author

William Jackson is the senior writer for Government Computer News (GCN.com).

Featured

Microsoft Ignite 2024: The 10 Essential Sessions for IT Pros

Get a crash course on Windows Server 2025, brush up on your Entra know-how, find out what's up with AI agents, and learn how to secure it all because the ransomware is definitely coming.
Microsoft Addresses 4 Zero-Day Holes in November Security Patch

Microsoft's monthly security update arrived on Tuesday, packed with 90 fixes for the company's portfolio of products and services, with four of the items addressing vulnerabilities that are either being actively exploited or publicly disclosed.
Microsoft Pricing Changes: Monthly Billing for Microsoft 365, Price Hikes for Power BI

Microsoft on Tuesday announced some upcoming pricing changes for enterprise customers of its cloud-based subscription services.
Using PowerShell to Restore Backup Data

Use this simple code to apply your air gapped backups to your system.
Microsoft Unveils Multi-Agent AI System Magnetic-One

Microsoft researchers this week unveiled a new multi-agent AI system, aimed to help enterprises automate complex tasks typically requiring human intervention.