Adventures in Spam Land: Phishing Attempt Allegedly From “IRS.com”

Legal Disclaimer:
The article below describes my attempts to understand the origin of a fraud attempt made against my organization this morning. The article is not meant to defame any legitimate businesses whose domains may have been spoofed by a third party.

This article is for information/entertainment purposes only, and is provided “as is” without warranty of any kind! Any links or references to external sites are publicly available and provided solely for the convenience of the reader.

All third party content in this article is property of its respective copyright holders. I am not affiliated with any of the sites linked, and make no guarantees or warranties pertaining to these sites or their contents.

It’s tax season again, and for information security professionals, it means a whole slew of new phishing and identity theft attempts!

This morning, “webmaster@irs.com” sent 13 emails to my organization to advise the recipients that our tax appeal was rejected. Of those attempts, 3 got through before the Bayesian spam filter kicked in and blocked the rest.

Dear business tax payer, 

Hereby you are informed that your Tax Return Appeal id#0565677 has been DECLINED.  If you believe the IRS did not properly assess your case due to a misunderstanding of the situation, be ready to clarify and support your position. You can access the rejection report and re-submit your appeal by using the following link Online Tax Appeal [link omitted].

Internal Revenue Service 

 

Telephone Assistance for Businesses:

Toll-Free, 1-800-XXX-XXXX
Hours of Operation: Monday – Friday, 7:00 a.m. – 7:00 p.m. your local time (Alaska & Hawaii follow Pacific Time).

Just for fun, I decided to see how far down the rabbit hole leads:

Source IP: 87.120.210.83 (Host in Bulgaria)

Domain Registrar Information for irs.com:

Registration Service Provided By:
DOTTED VENTURES
Contact: +1.4159629700
Website: http://www.dottedventures.com
Domain Name: IRS.COM

Registrant:
Banks.com
222 Kearny Street, Suite 550
San Francisco, CA, 94108
Tel. +415.9629700
Creation Date: 28-Jan-1999
Expiration Date: 04-Dec-2014


Domain servers in listed order:
ns10.dnsmadeeasy.com
ns11.dnsmadeeasy.com
ns12.dnsmadeeasy.com
ns13.dnsmadeeasy.com
ns14.dnsmadeeasy.com
ns15.dnsmadeeasy.com

Administrative Contact:
Banks.com
222 Kearny Street, Suite 550
San Francisco, CA, 94108
Tel. +415.9629700
Creation Date: 28-Jan-1999
Expiration Date: 04-Dec-2014

Billing Contact:
Banks.com
222 Kearny Street, Suite 550
San Francisco, CA, 94108
Tel. +415.9629700
Creation Date: 28-Jan-1999
Expiration Date: 04-Dec-2014

As it turns out, irs.com is an HTTP redirect to banks.com/taxes.

At the very bottom of the page, they made it a point to put in the following disclaimer:

“This site is in no way associated with or endorsed by the United States Treasury Department or the Internal Revenue Service.”

 

Instead of putting it in plain text, it was actually an image with the ALT text description, “Disclaimer.” The only reason I can think of that someone would want to do that is to omit it from search engine spidering, but I would be hard pressed to think of a legitimate reason why a business would try to obfuscate the contents of a disclaimer like that!

There’s also a Better Business Bureau logo at the bottom. I went to bbb.org expecting to find a slew of fraud complaints. Instead, I found that they’ve actually got an A+ rating!

Questionable SEO choices notwithstanding, I won’t speculate further on the legitimacy of Banks.com, Inc, but I will contact the proper authorities (the IRS) and let them sort it out.

Next steps:

The best thing to do with an email claiming to be from the IRS is to forward it to phishing@irs.gov. The IRS’ information security team will review it and take further action from there. 
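The first two triage steps from this post (pulling the source IP, and noticing that mail signed as the IRS came from a domain other than irs.gov) can be scripted. This is an added example, not part of the original post; the message is constructed, and only the sender address, source IP and signature line come from the article, while the hostnames, dates and function names are assumptions.

```python
import email
import ipaddress
import re
from email.utils import parseaddr

# Constructed sample: only the From address, 87.120.210.83 and the signature
# come from the article; hosts, dates and the other hops are made up.
SAMPLE = (
    "Received: from mx1.example.org (mx1.example.org [10.0.0.5])\n"
    "\tby mail.example.org with ESMTP; Mon, 01 Mar 2010 08:00:02 -0500\n"
    "Received: from unknown (HELO irs.com) (87.120.210.83)\n"
    "\tby mx1.example.org with SMTP; Mon, 01 Mar 2010 08:00:01 -0500\n"
    "Received: from relay.example.net (relay.example.net [203.0.113.7])\n"
    "\tby irs.com with SMTP; Mon, 01 Mar 2010 07:59:00 -0500\n"
    'From: "Internal Revenue Service" <webmaster@irs.com>\n'
    "\n"
    "Dear business tax payer,\n...\nInternal Revenue Service\n"
)

IP_RE = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b")

def first_external_ip(msg):
    """Public peer IP from the newest hop; older hops are sender-supplied."""
    for hop in msg.get_all("Received", []):          # newest hop first
        from_part = re.split(r"\sby\s", hop, maxsplit=1)[0]
        for cand in IP_RE.findall(from_part):
            try:
                ip = ipaddress.ip_address(cand)
            except ValueError:                       # e.g. 999.1.1.1
                continue
            if ip.is_global:                         # skip internal relays
                return str(ip)
    return None

def claims_brand_off_domain(msg, brand="internal revenue service",
                            official="irs.gov"):
    """True if name or body uses `brand` but From is not on `official`."""
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    body = "" if msg.is_multipart() else msg.get_payload()
    on_official = domain == official or domain.endswith("." + official)
    return brand in (name + "\n" + body).lower() and not on_official

def triage(raw):
    msg = email.message_from_string(raw)
    return {"source_ip": first_external_ip(msg),
            "impersonation": claims_brand_off_domain(msg)}
```

The Received line written by your own mail server is the only one worth trusting, which is why the search stops at the first public address when reading from the top.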

Microsoft CSAT Survey

NOTE: This post was written in July of 2009, and the information herein may be outdated/no longer applicable. I’ve elected to preserve the post here for posterity.

As of October 2009, Microsoft is requiring all of its Gold-level Partners to participate in a Customer Satisfaction Index (CSAT) Survey:

“Effective October 2009, partners re-enrolling at the Gold Certified level will need to have participated in at least one CSAT Index survey prior to re-enrolling, and receive ten or more survey responses (up to eight responses can be from the same customer organization).”

In my case, my employer is an ISV that develops web-based applications for use on a Microsoft platform (IIS/.NET/SQL Server etc.), but doesn’t actually resell Microsoft products. This requirement is a big headache for us for a number of reasons:

  1. Most of the questions are geared toward resellers, and won’t apply to ISVs (e.g. “…Assuming [Company Name]’s performance remains the same as it is now, do you expect your company’s future purchase levels from [Company Name] will be…”)
  2. The questionnaire is around 30 questions long, and can’t be shortened! You can only add additional questions.
  3. The partner points you can earn for these surveys are negligible (as little as 2 points for 10-19 responses, as much as 20 points for 200+ responses).

After several weeks of exchanges with various Microsoft representatives, I was finally told that although participation is mandatory for Gold Certified partners, incomplete surveys would still count toward the requirement if inapplicable questions were left unanswered (specifically, questions 14 and 15 as those pertain to sales performance).

I hope this helps someone else out there who might find themselves in a similar predicament!

Honesty in Sales

One of the most effective ways for me to evaluate vendors is to speak directly with a representative. This saves a lot of time and effort spent picking through the fluff to try to get to the meat of what you’re after.

When I approach a sales person, whether it be over the phone or in person, I get right down to the point, explain what I’m looking for and declare my budget. Generally, we’ll know within 5-10 minutes whether or not we’re wasting each other’s time.

Today, I placed such a call, intending to reach a representative I’d previously worked with on an unrelated project. The rep was no longer with the organization, but I decided to press on with the next available person. Our conversation went something like this:

I opened by explaining my requirements and budget to the sales rep, we’ll call him “Don”. Don explained that he had both on-premise and SaaS offerings. I expressed interest in the latter, and asked what pricing was like. Instead of responding appropriately, he continues to pitch me the on-premise solution. I ask again, how much his solution costs. He dodges the question again, this time going into more detail about the application’s features. I ask him a third time, and he finally confesses that the cost is 4 times greater than what I’d already defined to him as my budget, but he wasn’t finished.

There was also support, training, and another feature I listed in my requirements, which he had previously claimed was a ‘standard’ feature but was actually available only at an additional cost. After all of the ancillary fees, the total solution came to just over 5 times my stated budget.

At that point, I was ready to end the call, but decided to entertain the SaaS offering. I was equally disappointed there as well, the cost still being well above my constraints. I explained to him that my budget was neither negotiable nor arbitrary, so he played the quality card.

While his product was good, he could not identify any direct competitors (of which there were many), nor could he articulate what was so unique about his product that warranted a premium price tag. I let him go at that point and moved on, but invited him to talk to his superior and see if he could come back with an offer that met our requirements.

Within an hour, I had a quote from him that was equally insulting – the price had not changed, and he even went so far as to say (in not so many words) that we weren’t big enough to bother with, and that he was puzzled about how we came up with such a low budget for this project. He even went so far as to imply that our constraints weren’t realistic, or that we hadn’t done our homework.

Two calls later, I found a solution that offered all of the functionality Don’s product did, but at 1/3 of our budgeted cost per user. It included:

  • Free support
  • No multi-year contract
  • Setup in minutes instead of months.

It was clear to me based on Don’s attitude and pricing that SMBs were not one of their target markets, and that’s okay. A Mercedes is not for everyone! Whether the car can park itself or make julienne fries, these features mean little to a person who is looking to get from point A to point B and can’t spend an extra $35K to get there.

While Don didn’t have anything that could help me today, his behavior guaranteed that I would never do business with his firm again, either in this, or any other organization later down the road. I can only wonder how much this kind of carelessness costs organizations every year in damaged reputations and missed opportunities? I replied to his email with a lengthy explanation of why we weren’t going to do business in hopes that he might learn from the experience. I hope he does.

What kind of experiences has everyone else had with dodgy vendors?

Introduction

NOTE: This post was written as an introduction to my previous blog on the now defunct IT Toolbox website. The title of the blog at the time was “IT Champloo.”

In 2018, I decided to create a personal website and move everything over. This post is preserved here for posterity.

Having worked in IT for nearly 15 years, I’ve acquired a wide breadth of experience in a number of businesses ranging in size from under 20 to over 20,000. Some of the industries I’ve worked in include education (K12 and higher ed), corporate, SMBs and private consulting.

I’ve acquired Masters Degrees in Networking and Communications Management and Project Management along the way, and while I can never pay back the debt I owe to all of those I’ve learned from, I hope that this blog will help me pay forward to those just beginning their journey.

Chanpuru (sometimes written and pronounced champloo) is Okinawan for “something mixed,” which describes their culture and traditionally relaxed attitudes toward people and food.

Since this blog represents a diverse mix of IT topics in a relaxed, open-minded setting, the name, “IT Champloo” seemed fitting.

My blog topics will include personal experiences, market and social commentary, reader questions and feedback. As of 12/8/2010, I’ve also introduced a new theme where I will conduct interviews with important players in the IT Industry. Thanks for reading!

~ Yousef Alahmad