IRS Stimulus Package Phishing ScamFebruary 6, 2009 – 4:25 PM
US-CERT is aware of public reports indicating that phishing scams are circulating via fraudulent U.S. Internal Revenue Service emails offering users stimulus package payments. These emails include text that attempts to convince users to follow a link to a website or to complete an attached document. The website and document request the user to provide personal information.
Users receiving the fraudulent email messages are encouraged to send the email message and the website URL to the IRS at [email protected].
US-CERT encourages users to do the following to help mitigate the risks:
- Do not follow unsolicited web links received in email messages.
- Refer to the Recognizing and Avoiding Email Scams (pdf) document for more information on avoiding email scams.
- Refer to the Avoiding Social Engineering and Phishing Attacks (pdf) document for more information on social engineering attacks.
- Review the How to Report and Identify Phishing, E-mail Scams and Bogus IRS Web Sites document on the IRS website.