As the April 15th tax filing deadline approaches, cyber fraudsters are planning their attack on online tax filers to steal confidential information. Websense, Inc. (NASDAQ:WBSN) , a global leader in web security and web filtering productivity software, today announced that Websense(R) Security Labs(TM) has seen a rise in phishing attacks via fraudulent emails and websites that spoof the Internal Revenue Service (IRS). Since December 2005, Websense Security Labs has been working together with the IRS and other organizations to investigate the rise of tax scams and better protect consumers and employee computing environments from increasingly sophisticated and dangerous internet security threats.
   
   Websense Security Labs has discovered tax attacks targeting the U.S. in several countries outside of the U.S. hosted on compromised web servers. For example, one of the largest IRS phishing campaigns claims that the taxpayer is eligible for a refund and needs to log on to a website to verify their information. Users receive one of a variety of email messages with a link to a fraudulent website. Upon accessing the spoofed tax website, the user is then forwarded to a fraudulent site that requests credit card information and other personal identifiers. The intent of these attacks is to dupe users into revealing confidential information which can be used for withdrawing funds.
   
   Phishing can present a serious security risk for consumers and organizations. Phishers are becoming more sophisticated in their deception techniques to lure employees to spoofed websites, as most employees cannot determine which is a genuine site and which is a fake. However, employees don't have to "fall for the phish" and actually enter confidential information on a phishing website to be compromised. For example, recent trends indicate that by just visiting a website, many types of phishing URLs can install spyware, such as a malicious keylogger, which has the ability to capture data including network passwords or social security numbers without their knowledge. It only takes one employee to click on a phishing site and accidentally give out confidential corporate data, customer records, network passwords, or trade secrets, to jeopardize an entire organizations' intellectual property.  Full Article