SANS posted a story at the Internet Storm Center a couple of days ago saying that they were seeing fake email purporting to come from the IRS. (Even I don't have time to read everything on the Internet relating to current information security issues.)
The emails described try to kid the victim that they've under-reported or failed to report income, in the hope of persuading them to access a malicious URL in order to download an equally malicious file (Zeus, by the sound of it). Of course, there are other scams that try to get you to give them sensitive financial and personal information: be on the lookout for those too.
Folks, the IRS is not going to send you email about tax problems, or to offer you a tax rebate. (By the way, the same applies to the UK tax authorities.) In fact, I'd be happy to get the IRS to talk to me at all over a little matter of withheld royalties, but I'm sure you don't want to hear about that…
Despite the negative experiences of some of its clients, the IRS does have a reasonably good page on "How to Report and Identify Phishing, E-mail Scams and Bogus IRS Web Sites". Even bureaucrats get things right sometimes.
If we see other scams reported in the run-up to the IRS 15th April deadline for filing tax returns, we'll let you know.
David Harley CISSP FBCS CITP
Research Fellow & Director of Malware Intelligence
ESET Threatblog (TinyURL with preview enabled): http://preview.tinyurl.com/esetblog
ESET Threatblog notifications on Twitter:
ESET White Papers Page: http://www.eset.com/download/whitepapers.php
Securing Our eCity community initiative: http://www.securingourecity.org/
Author David Harley, ESET