Saturday, September 1, 2007

IRS offering Refunds? Guess again!

Ok, I know alot of you are smart enough to figure this out but I thought I would share this with everyone.

IRS Notification - Fiscal Activity
After the last annual calculations of your fiscal activity we have determined that you are eligible to receive a tax refund of $185.49. Please submit the tax refund request and allow us 6-9 days in order to process it.

A refund can be delayed for a variety of reasons. For example submitting invalid records or applying after the deadline.

To access the form for your tax refund, please click here

Internal Revenue Service

However, if you look closely you will see that the URL is not, it is in fact

The domain search returns this info about the domian.

Domain name:

Holder of domain name:
Nestlé Suisse S.A.
Plater Roman
Finance Service Center
Case Postale 352
CH-1800 Vevey
Contractual Language: French

Technical contact:
namics ag
hostmaster X
Teufener Strasse 19
CH-9000 St. Gallen

Name servers: [] []

Now I know your thinking to yourself, why would you even bother to click on this?

Well I am here to tell you there are people out there that will click on it and fill out all the info, and get robbed to high heaven! After laughing at this letter for 10 minutes or so, my brother said to me, "With all the complaining you do about how evil the government is, and what not, why don't you write something about this."

So on that note I have, look folks, it is as easy as this, if you wouldn't give your info to a stranger on the street, don't give it to a web site that has sent you an email! Even if it looks real, talk 10 minutes of your time, call the place from whence the email appears to have come from, and ask questions! This is not rocket science!


juerg said...


Hier ist namics am Draht (Jürg Stuker). Obschon wir im Whois eingetragen sind, ist die Site weder bei uns gehostet noch von uns betrieben. Somit kann ich leider nicht direkt tun.

Die Agentur die im Impressum ist, kenne ich und werde versuchen diese sofort zu benachrichtigen.

Vielen Danke für den Hinweis!

juerg said...

Hi. Sorry to have written in German before.

I am CEO of namics, the company mentioned as technical contact in the WHOIS of the domain missused (

The site is neither programmed nor hosted by namics. OUr name in the WHOIS is wrong.

In the meantime, I personally called the Owner of the company that is running the site (Next AG, Dr. Hand Meli). He is now aware of the problem and takes it on hand.

Thank you a lot for the information!

C. Mettler said...

Hi Brian

I work for next ag and was made aware of the problem about 1 hour ago.

A quick investigation of the incident showed that the fishing site was set up by romanian hackers. They exploitet the so-called apache .rar vulnerability via the coppermine image gallery used on

We shut down access to the fished credit card data immediatly.

Thank you for reporting and making it possible for us to react quickly.

I'll stop by this blog from time to time to answer questions regarding this case.

Anonymous said...

Hello. This post is likeable, and your blog is very interesting, congratulations :-). I will add in my blogroll =). If possible gives a last there on my blog, it is about the Impressora e Multifuncional, I hope you enjoy. The address is A hug.