added February 6, 2009 at 10:03 am
US-CERT is aware of public reports indicating that phishing scams are circulating via fraudulent U.S. Internal Revenue Service emails offering users stimulus package payments. These emails include text that attempts to convince users to follow a link to a website or to complete an attached document. The website and document request that the user provide personal information.
US-CERT encourages users to do the following to help mitigate the risks:
- Do not follow unsolicited web links received in email messages.
- Refer to the Recognizing and Avoiding Email Scams (pdf) document for more information on avoiding email scams.
- Refer to the Avoiding Social Engineering and Phishing Attacks (pdf) document for more information on social engineering attacks.