"When faced with a problem you do not understand,
do any part of it you do understand; then look at it again."
~(Robert A. Heinlein - "The Moon is a Harsh Mistress")

About to comment here for the very first time?
Check Where'd my Comment go?!!! to avoid losing it.

Wednesday, February 22, 2012

Another email scam - a bit more dangerous

-Would you like a virus with that?

I did something really stupid, as I DO know better.

This time, I was lucky.

Got a strange email, warning that my status as a Certified Public Accountant was in jeopardy, over helping my employees file fraudulent income tax returns.

Now this was news to me that I even had a status as a CPA and that I had employees.

The email wanted me to respond to the complaint (a linked PDF file). It also had a link to view the thing in a browser if necessary.

The "lucky" part was that I got the email late last night, and as I had to go to bed for an early rising in the morning for work, I moved the email to a special folder to deal with later.

So, it was almost an entire day before I got around to it.

Now, the true stupidity begins ...

I actually clicked on the "Complaint.pdf" link, and got ...
   403 - Access forbidden

Next, I clicked on "View it in your browser", getting ...
   404 - Page not found

That turned out to be a very good thing.

I then did what I should have done in the first place.

I googled for American Instutute of CPAs (the outfit that the email was supposedly from), went to their website (www.aicpa.org) to find contact information to verify that the email was legitimate, and the first thing I see on their main page (under "Other News") was a link to Alert: Fraudulent "Phishing" Scam Email Not from AICPA

Clicking on that link disclosed ...
On Thursday February 16, 2012, the AICPA became aware of a fraudulent email phishing scam using an AICPA banner and referencing the recipient’s possible involvement in an unlawful income tax refund activity that was sent to numerous individuals, CPAs, non-CPAs and members of the general public.

Messages may appear to come from senders such as the AICPA, Southwest Airlines, American Airlines or other well known sources including the Better Business Bureau.

This email is not from the AICPA nor from the AICPA database.
Do not open any attachment or click on any link as the email may contain a virus. While the exact source has not yet been determined, we are actively investigating the situation.

On Friday, February 17, the Better Business Bureau reported that a new round of phishing scams is using a BBB.org email address along with the American Institute of CPAs logo and name. The message informs recipients that their CPA license is being terminated due to tax fraud allegations and encourages them to click on a link and reply to the charges. The link leads to a third party website that downloads a virus on to the recipient’s computer. (Emphasis Mine)

Oh, Great!!!  I've just spent the last four hours running a full system scan on my computer, fortunately finding nothing (those error messages I got probably meant that they were able to de-fang those links by the time I had tried to access them).

As I said, pure luck this time.

The damned thing really did look legitimate and I figured they just had the wrong information.  Nevertheless, that google check I made should have been my first response if I had thought there was anything that needed replying to.

To the best of my knowledge, no legitimate outfit or agency is going to send such news as an email.  If it's truly serious, they would more likely employ regular (USPS) mail, maybe even Certified Mail to be sure that you actually got it.

If they want you to click on a link, use a lot more sense than I did and let that request ring all sorts of alarm bells in your head.  Again, no legitimate outfit will ask you to do that.

I was extremely tired and made a mistake.  Well, tired people can get killed by the mistakes they make, so watch out.  It's a snake's nest out there.

Have a good 'un.

No comments:


Stat Counter