News

Phishers Targeting Your Tax Dollars

A new phishing scam is targeting debit-card accounts used to deliver government benefits payments in 15 states.

E-mails, phone text messages and so-called "vishing" voice-mail messages ask recipients to confirm or update EPPICard account data, directing them to a phony Web site. Once the scammers have gathered the account information, they can drain money from the benefits account.

"They are apparently targeting government payments" such as food stamps and child support payments, said Marc Salomon, a researcher at Cloudmark, an anti-spam company in San Francisco that noticed the attacks earlier this month. "It is the taxpayer who is footing the bill," he said, because the compromised accounts are held by states, not financial institutions.

EPPICard is a magnetic-stripe debit card branded by MasterCard or Visa to access benefits accounts. The cards are used by Florida, Georgia, Illinois, Indiana, Mississippi, Nevada, New Jersey, New York, North Carolina, Ohio, Oklahoma, Pennsylvania, Texas, Utah and Virginia. Each state uses the card to deliver the types of benefits payments it chooses. When a payment has been credited to the account, the holder uses the debit card for purchases and the payment is deducted from the account. Holders also can get cash back from a purchase and withdraw cash at banks and automated teller machines.

The e-mails apparently come from the address [email protected] and direct victims to a phony Web site. "They are hosted on servers around the world," Salomon added.

EPPICard has posted a warning on its Web site of phishing and vishing attacks. "We will never request your personal information, such as a Social Security number, card number or PIN through any of these methods," the company said.

Cloudmark has spotted about 20 of the phishing e-mails and said that number is probably just the tip of iceberg. There is no indication the e-mails are specifically targeting EPPICard users, said Adam O'Donnell, Cloudmark's director of emerging technology. But he said this type of attack against a niche target is likely to become more common as larger targets such as banks and services such as PayPal become over-phished.

About the Author

William Jackson is the senior writer for Government Computer News (GCN.com).

Featured

  • Surface and ARM: Why Microsoft Shouldn't Follow Apple's Lead and Dump Intel

    Microsoft's current Surface flagship, the Surface Pro X, already runs on ARM. But as the ill-fated Surface RT showed, going all-in on ARM never did Microsoft many favors.

  • IT Security Isn't Supposed To Be Easy

    Joey explains why it's worth it to endure a little inconvenience for the long-term benefits of a password manager and multifactor authentication.

  • Microsoft Makes It Easier To Self-Provision PCs via Windows Autopilot When VPNs Are Used

    Microsoft announced this week that the Windows Autopilot service used with Microsoft Intune now supports enrolling devices, even in cases where virtual private networks (VPNs) might get in the way.

  • Most Microsoft Retail Locations To Shut Down

    Microsoft is pivoting its retail operations to focus more on online sales, a plan that would mean the closing of most physical Microsoft Store locations.

comments powered by Disqus

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.