Sunday, November 27, 2005 used to cover phisher's hacking

I just got spam from a phisher allegedly from saying I have a $571.94 tax refund that needs to be claimed in 12 days.

The URL had me fooled for a second -- it looks like a link to with a long
identifier. It turns out that the badguys are using a poorly secured redirect page (externalLink.jhtml) on to send people to Of course the resulting page asks for SSN, credit card number, etc -- all the things needed for identity fraud.

And here is the email:

From: <tax>
Reply-To: no-reply-2005@
To: my email
Date: Nov 26, 2005 12:16 PM
Subject: [IRS] Tax Refund

You are eligible to recieve a tax refund for $571.94.

To access the form for your tax return use the link below:,00
(copy and paste this link in your browser address bar)

12 days left to apply for your refund. You may not receive your refund as quickly as you expected. A refund can be delayed for a variety of reasons. For example, a name and Social Security number listed on the tax return may not match the IRS records. You may have failed to electronically sign the return or applied after the deadline.

This email has been sent by the Internal Revenue Service, a bureau of the Department of the Treasury.

The bad guys are getting pretty tricky...