There have been reports of people receiving a new phishing email
that claims to be notification of a refund from the Internal Revenue Service (IRS). There is apparently a security configuration error on the real federal government website, which faciliates redirecting visitors to a bogus website.
"This phish tells the user that the IRS owes them several hundred dollars and offers a web link from which they can allegedly claim the tax refund," said Graham Cluley, senior technology consultant at Sophos. "But the link in the email simply bounces the user off a government website onto a site owned by the criminals, who are ready and waiting to steal their credit card details, Social Security numbers and other personal information."