Forbidden Web

May 15, 2008

United States Tax Court Spear-Phishing Attack
US-CERT is aware of public reports of a spear-phishing attack circulating via email messages that claim to be petitions from the US Tax Court. These messages appear to be legitimate because they may contain very specific information about the message recipient. The message requests that the user follow a link to download additional information about the petition, but if a user clicks on this link, malicious code may be installed on the system.

US-CERT encourages users to do the following to help mitigate the risk:

Review the alert posted by the United States Tax Court regarding this issue.
Do not follow unsolicited web links received in email messages.
Refer to the Recognizing and Avoiding Email Scams (pdf) document for more information on avoiding email scams.
Refer to the Avoiding Social Engineering and Phishing Attacks document for more information on social engineering attacks.
Install anti-virus software and keep virus signature files up to date.