It seems that fraudsters are now targeting victims of HMRC data scandal, when details of 25 million child benefit recipients were lost.
The records, which included confidential details such as bank and building society details, NI numbers, addresses and child records, were announced as missing by Chancellor Alistair Darling on 21 November.
And now, fraudsters are targeting the very people whose details went missing.
McAfee has now discovered a phishing attack that targets these victims by offering the recipient the opportunity to claim a tax refund of £215 from the Government.
The email contains a link to a suspect site.
"This phishing attack has echoes of traditional get rich quick scams, praying on the desire to be compensated for the Government losing their data, but people must learn that there really is no such thing as free money."
"Recent high profile data loss incidents have left the public more vigilant about handing over information that has any link to HMRC, so this may not be the most thoroughly considered phishing attack", said Greg Day, McAfee security analyst.
McAfee explains that phishing scams use fraudulent emails and websites, to impersonate legitimate businesses, in hopes of getting you to disclose your personal information.
It says that legitimate businesses will never send an email asking a customer to update personal information.
Internet users are urged not to enter their personal information onto a pop-up screen, as phishers may direct their victims to the website of a real organisation, but then use an unauthorised pop-up screen.
McAfee also advises internet users to install pop-up blocking software to help prevent this type of phishing attack.
It adds: "When providing your personal information to a business website, check for signs that the site is secure. A padlock icon on the browsers status bar or a URL for a website that begins with 'https:' ('s' indicates 'secure')".
However, it adds to be aware that these signs are not 100% foolproof, since even security icons might be forged.
It also says that users should never cut and paste the link from a message into an internet browser.
It warns: "Phishers can make links seem as if they’re going to a legit place when they’re not. Open a new internet browser and type in the company’s correct Web address manually".