January phish buffet: Now with IRS

As regular as tax season itself, phishers pretending to offer information on an IRS "stimulus payment" are targeting thrifty (or is that greedy?) taxpayers.

The latest version of the scam, which is making the e-mail rounds as of Monday morning, travels under the subject line "Stimulus Payment form it's ready for you to submit." The message claims that "After the last annual calculations of your fiscal activity we have determined that you are eligible to receive a Stimulus Payment," and includes a file that looks like a PDF...until you notice the extra ".htm" at the end of the file name.

If clicked, the HTML file redirects users to a page on the British teen site imuze.co.uk, charmingly enough located in the /lol/ directory. The usual phishing hijinks appear to ensue, though it's unclear if further mayhem is perpetrated. Imuze is a legitimate and even safety-conscious site ("your safety is our priority!"); at press time, no one from the site was available to comment on the problem.

Substituting the words "economic stimulus" for "tax refund," the new phishing lure is nearly identical to one cast in early 2006. The IRS, aware that its "customers" are a popular target for phishers, has a page of information on how to identify a phishing attempt (first sentence: "The IRS does not initiate taxpayer communications through e-mail") and what to do if you're approached.

At press time, the agency was aware of the scam.