The United States Internal Revenue Service recently notified its clients that a phony email (claiming to be from the IRS) was circulating around the web. This particular email's subject tells recipients that they have underreported their income and advises them to login to a site to update their records. Problem is, if recipients click on the link, their computers end up infected with malicious software. While the I.R.S. has been the subject of many high profile phishing attacks, I think that this method is especially interesting.

Think about this for a moment - what thoughts would go through your mind if you got an email message that said you underreported your income? Would you be scared that you were going to face criminal charges? Would you worry that someone had stolen your identity and earned income under your name/social security number? Would you have images of serving time on tax evasion charges? And, if thoughts like this are running through your head, do you think you would make the most rational decision?

Social engineering tactics like this bother me because they prey upon people's fears. They make me wonder what kinds of people have the audacity to inflict so much mental anguish upon others, all in the name of greed. Certain types of cyber-criminals choose to scare people to make them more vulnerable.

I think that is absolutely heinous. What do you think? And how should we stop these types of cyber-criminals?