taxonweb (Belgian online tax) waiting to be phished
The IRS, the US tax service, is shutting down sites other than the .gov site that use the same name, because some phishing sites have been popping up. Under a new taxpayer protection act it has also become illegal to do this.
In Belgium we have taxonweb (they thought of nothing better because we have three different official languages and so communicate between us online in yet another one). So if we look at who has tax on web, we see the following things:
* http://minfin.fgov.be/taxonweb/ (with a very bad banner so it could be copied without looking suspicious - also the fact that it is a subdivision of a site makes it easier for phishers)
If you click on one of the languages, you will see that the page says the service is not ready yet (and the redirect also makes it easier)
Even if you go to taxonweb.be you have this (not in https)
(also in a style that is highly amateurish and quite copyable for phishers)
And by having this kind of page, you get people used to outages, so they may think that phishing alert-outage pages are 'normal'.
But there are also other domain names
|Buy exclusieve gadgets and. gifts online. www.gadgetshop.be. BMW Motoren. Officieel dealer van BMW moto's. te Rotselaar. www.wingemotors.be ...|
It is clear that taxonweb has not at all been built to defend against the phishing and scams that will come one day or another. It is better to learn from some of the lessons the banks have learned the hard way and to include them from the beginning in the construction of your web service.
All is not lost. They still have a chance to reconstruct a separate website with all the necessary defenses around it. Because that is also not very prepared, without saying too much.