The latest phishing attack involves an official looking government message from the National Payroll Consortium that claims that the recipients' employer has been caught attempting to fraudulently lower workman's compensation costs. It asks that the recipients fill out an attached form and fax it to NPRC's fraud department. However, the attachment actually contains a Trojan with a malicious file. The NPRC has posted an advisory on its website warning visitors of The Scam.
"This email was NOT sent or authorized by NPRC, and is NOT associated with NPRC. It likely contains malware or viruses that could harm your computer if you click on any links contained in the email or open any attachments," the advisory states.
The attack was spotted by Websense, a web, data, and messaging security firm.

"Social engineering attacks will always be successful. They're banking on how users handle a particular scenario," said Stephan Chenette, Websense Security Labs manager. "In this particular case it was quite successful."