IRS Stimulus Package Phishing Scam

The United States Computer Emergency Readiness Team (US-CERT) Current Activity web page ( includes a regularly updated summary of the most frequent, high-impact types of security incidents currently being reported to the US-CERT.

As of February 6, the US-CERT Current Activity web page is warning that they are aware of public reports indicating that phishing scams are circulating which involve fraudulent United States Internal Revenue Service emails. The fraudulent emails offer users stimulus package payments to recipients and ask for personal information by including text that attempts to convince users to follow a link to a website or to complete an attached document.

One such recipient reported that he had received a similar email last year that included information about the stimulus check sent out at that time. The user went to say that the senders of this phishing email scam had approximated how much money the recipient received in his stimulus check and was off by $23 dollars. Because the amount was so close to what the recipient had received the recipient almost fell for the scam. Luckily the recipient noticed that the sender’s email address was suspicious. The user followed up by sending warnings to about seven different agencies including the IRS in regards to that scam.

US-CERT encourages users who receive fraudulent email messages to send the email messages and the website URLs to the IRS at

US-CERT encourages users to do the following to reduce their risk of giving out personal information:

• Do not follow unsolicited web links received in email messages.

• Refer to the Recognizing and Avoiding Email Scams document for more information on avoiding email scams. (

• Refer to the Avoiding Social Engineering and Phishing Attacks document for more information on social engineering attacks. (

• Review the How to Report and Identify Phishing, E-mail Scams and Bogus IRS Web Sites document on the IRS website. (,,id=179820,00.html?portlet=5)

Established in 2003, the US-CERT is a partnership between the Department of Homeland Security and the public and private sectors whose goal is to protect the nation’s Internet infrastructure. US-CERT coordinates defense against and responses to cyber attacks across the United States of America.

Written by Mike Rede

Leave A Reply