23-04-07

taxonweb (belgian online tax) waiting to be phished

The IRS, the US tax service is shutting down other sites than the .gov site that have the same  name because some phishing sites came popping up. Under a new taxpayer protection act it became also illegal to do this.

 

In Belgium we have taxonweb (they thought of nothing better because we have three different official  languages and so communicate between us online in yet another one). So if we look at who has tax on web, we see the following things

 

* http://minfin.fgov.be/taxonweb/ (with a very bad banner so it could be copied without looking suspicious - also the fact that it is a subdivision of a site makes it easier for phishers)

If you click on one of the languages, you will see that the page is saying the service is not ready yet (and the redirect makes it also easier)

Even if you go to taxonweb.be you have this (not in https)

 

hack5_011

 

(also in a style that is highly amateuristic and quite copyble for phishers)

And by having this kind of pages, you make people used to outages and so they may think that phishing alert-outage page are 'normal'.

But we have also other domainnames

* TAX ON WEB :: www.taxonweb.eu

Buy exclusieve gadgets and. gifts online. www.gadgetshop.be. BMW Motoren. Officieel dealer van BMW moto's. te Rotselaar. www.wingemotors.be ...
www.taxonweb.eu/

It is clear that taxonweb is not at all been built to defend against phishing and scams that will come one day or another. It is better to learn from some lessons the banks have learned the hard way and to include them from the beginning in the construction of your webservice.

All is not lost. They still have a chance to reconstruct a seperate website with all the necessary defensese around them. Because that is also not very prepared, without saying too much.

15:16 Gepost door technology changes fast not a lot in Algemeen | Permalink | Commentaren (2) |  Facebook |

Commentaren

Data News Can you contact me on my mobile 0497/20 79 20. I am working for the belgian IT weekly Data News preparing an article on the new website of SPF Finances.
Regards.

Gepost door: marc husquinet | 09-05-07

Phishing Scams
Hi all,

This is Lavanya.I gone through this website and found various information about Scams. The misleading web site appears authentic with familiar graphics and logos. The wordings are professional right down to the legal disclaimer at the bottom of the page.we have a site Phishing" target="_blank">http://www.federalreviews.com/Be_Aware_of_Phishing_Scams.html">Phishing Scams which provides a great info about Scams on internet.

Gepost door: lavanya | 10-05-07

De commentaren zijn gesloten.