A highly targeted spear phishing campaign is currently doing the rounds. Executives–including some of our own at McAfee–have received emails purportedly from the U.S. Tax Court. The emails are designed to look like a petition from the Tax Court and are fairly believable, with domains similar to the legitimate ustaxcourt.gov in the “from” address and links. There’s also a legitimate telephone number for the organisation. The executive’s name is listed as the respondent in a case versus the Commissioner of Internal Revenue.

The scammers do their homework when it comes to spear phishing. Instead of pumping out millions of emails to anybody and everybody, spear phishers send out their scams only to people they know will be susceptible to the scam. In this case a top executive–rather than the average employee–is much more likely to be involved in a court case of this nature.

Clicking on the link may result in malicious code such as keyloggers being installed on your system.

The U.S. Tax Court currently has the following notice on its web site:

“The United States Tax Court has received many telephone calls regarding an e-mail which purports to originate from the Court being sent by a member of the Tax Court’s practitioner bar. This message is an example of “Spear Phishing,” which is an e-mail spoofing attempt that targets a specific organization. The Tax Court is not disseminating any e-mail notice to anyone who currently has a case before this Court.”