While the U.S. Senate is meeting for a rare Saturday session to debate the $780-billion plan in an effort to stimulate the U.S. economy, online scammers are busy coming up with new and interesting ways to cash in on the action.

Researchers from the SANS Internet Storm Center have discovered a new scam that offers unsuspecting victims a refund from the US Internal Revenue Service.

According to the ISC, the new scam comes in the form of an e-mail with the subject line of “Economic Stimulus Payment form ID: [SP-251.9475]” that invites recipients to download and submit an attached form in order to receive their stimulus payment.

The attachment contains JavaScript, which your browser executes as soon as the file is viewed. This means you don’t need to click on anything within the browser for something potentially malicious to happen.
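For mail administrators, one way to flag this kind of attachment before anyone opens it, shown as an added example that is not part of the original article or the ISC report. It assumes the attachment is an HTML file; the sample message, its addresses and the file name are constructed.

```python
import re
from email import message_from_string, policy
from html.parser import HTMLParser

class ActiveContentFinder(HTMLParser):
    """Record HTML constructs that run script as soon as the file is rendered."""
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.findings.append("script element")
        for name, _value in attrs:
            if name.startswith("on"):  # onload, onerror, ... fire without a click
                self.findings.append(f"{name} handler on <{tag}>")

def scan_message(raw):
    """Return {attachment filename: [findings]} for HTML attachments with script."""
    msg = message_from_string(raw, policy=policy.default)
    report = {}
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        looks_html = re.search(r"\.html?$", name, re.I)
        if part.get_content_type() != "text/html" and not looks_html:
            continue
        body = part.get_content()
        if isinstance(body, bytes):  # HTML sent under a generic MIME type
            body = body.decode("utf-8", "replace")
        finder = ActiveContentFinder()
        finder.feed(body)
        if finder.findings:
            report[name] = finder.findings
    return report

# Constructed sample: made-up sender and attachment, subject line from the article.
SAMPLE = """\
From: refunds@example.invalid
Subject: Economic Stimulus Payment form ID: [SP-251.9475]
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html
Content-Disposition: attachment; filename="form.html"

<html><body onload="init()"><script>function init(){}</script></body></html>
--b1--
"""

if __name__ == "__main__":
    print(scan_message(SAMPLE))
```

The scan parses the attachment as text and never renders it, so nothing in the file executes during triage.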

IRS E-mail and Web Policy

This new scam is typical of tax-time behavior by the bad guys, and the stimulus package only offers scammers the chance to get more creative. As such, it might be useful to re-examine what the IRS will and will not do on the Web.

The IRS does not initiate taxpayer communications through e-mail.

  • The IRS does not request detailed personal information through e-mail
  • The IRS does not send e-mail requesting your PIN numbers, passwords or similar access information for credit cards, banks or other financial accounts

If you receive an e-mail from someone claiming to be the IRS or directing you to an IRS site:

  • Do not reply
  • Do not open any attachments. Attachments may contain malicious code that will infect your computer
  • Do not click on any links. If you clicked on links in a suspicious e-mail or phishing Web site and entered confidential information, visit the IRS Identity Theft page

Whenever you’re unsure about an e-mail, the best course of action is to delete it; if you must investigate further, do it via the telephone. As Adrien de Beaupre says about the fake stimulus payments, “if it looks too good to be true, it is.”