Stimulus checks and covid vaccine Scams are Rampant – What to Look For

Scammers are using news reports about stimulus checks and the COVID-19 vaccine to gain access to bank and email accounts.

A report from Virginia-based email security firm Cofense details an elaborate scam that impersonates the IRS to install the Dridex banking trojan on PCs. The lure is the Biden stimulus bill that just started putting $1,400 checks in people's bank accounts.

Meanwhile, phishing campaigns using the word "vaccine" in the subject line doubled from January to March, according to GreatHorn, a Boston-area e-mail security firm. As something to watch out for, they cite examples of common phishing e-mails.

These malicious efforts are a reminder to be very wary of offers and news delivered via email, social media, and instant messaging, especially if the offer looks too good to be true.

The Cofense example certainly fits the "too good to be true" bill. Entitled "The President's Rescue Plan Paper," the e-mail message promises a "$4,000 stimulus package" from the IRS, an increase in the minimum wage, the ability to skip the immunization line, "free meals," and more.

It references the real American Rescue Plan Act and concludes hilariously with the words "Concern for America's Future, U.S. Federal Government."

All you have to do is fill out the form online.

Clicking that button downloads an Excel spreadsheet that looks like an application form, but you can't actually fill out the form yet.

A dialog box appears instructing you to click on "Enable content" to review it.

Oh, you really shouldn't do that. Clicking "Enable content" unlocks a hidden macro in the Excel spreadsheet that exploits a built-in Windows process to download and install a Dridex banking-type Trojan. This Trojan is a piece of malware specifically designed to infiltrate your online bank account and wipe it out.

Eagle-eyed e-mail recipients may recognize the scheme by looking at the outgoing e-mail address: "[email protected]". This address has the number "1" where the "L" in "federal" should be and a lowercase "L" where the "I" in "IRS" should be.
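The sender-address check described above, as an added example that is not part of the article or of Cofense's report: a small Python filter that folds the look-alike characters (the digit 1, a lowercase L and an uppercase I) before comparing a sender's domain with an allow-list, so that a domain which only matches a genuine one after folding is flagged. The allow-list and the sample addresses are constructed for illustration.

```python
import re

# Characters that imitate one another in many fonts. The digit 1, a lowercase L
# and an uppercase I (lowercased to i) all fold to "l"; 0 folds to "o" as a
# common extension of the same trick.
LOOKALIKES = str.maketrans({"1": "l", "i": "l", "|": "l", "0": "o"})

# Allow-list of genuine sender domains (constructed for this example; a real
# deployment would carry the organisation's own list).
TRUSTED_DOMAINS = {"irs.gov"}


def fold(label: str) -> str:
    """Lowercase a domain and collapse look-alike characters.

    After folding, "IRS", "lRS" and "1RS" all read "lrs", so a comparison
    with the folded trusted domain catches the substitutions.
    """
    return label.lower().translate(LOOKALIKES)


def classify_sender(address: str, trusted=TRUSTED_DOMAINS) -> str:
    """Return 'trusted', 'lookalike', 'unknown' or 'invalid' for an address."""
    match = re.fullmatch(r"[^@\s]+@([^@\s]+)", address.strip())
    if match is None:
        return "invalid"
    domain = match.group(1).lower()
    if domain in trusted:
        return "trusted"
    folded = fold(domain)
    labels = set(re.split(r"[.\-_]", folded))
    for good in trusted:
        # Whole domain matches only after folding: "lrs.gov" imitating "irs.gov".
        if folded == fold(good):
            return "lookalike"
        # Brand name buried among other labels: "federa1-lrs.gov" or
        # "irs.gov.attacker.example" carry the folded brand as one label.
        brand = fold(good.split(".")[0])
        if brand in labels:
            return "lookalike"
    return "unknown"


if __name__ == "__main__":
    # Constructed sample senders, modelled on the substitutions in the article.
    for sender in ("refund@irs.gov", "stimulus@federa1-lrs.gov",
                   "refund@lrs.gov", "news@mail.example"):
        print(f"{sender:28} -> {classify_sender(sender)}")
```

The check deliberately over-approximates: any unlisted domain carrying the folded brand as a label is treated as a look-alike, which is the safe direction for a mail filter that routes suspects to review rather than blocking outright.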

If you have been following Tom's Guide's excellent coverage of the stimulus package, you know that the real stimulus is $1,400 per person, not $4,000; that the minimum wage provision was not included in the final bill; and that the American Rescue Plan Act does not guarantee a better place in the vaccine line or free meals.

GreatHorn's example of a vaccine-related phishing email is not genuine, but a general approximation of what you might expect to see. The example begins by promising information about "Covid-19 vaccination and testing" in the form of a linked PDF.

Clicking on the link brings up what looks like a Microsoft Office 365 login window. This login window is intended to steal your Microsoft login credentials and access your Microsoft account.

In a bit of security theater, the login window may even make you do one of those "click on the picture containing the car" puzzles to prove that you are a human and not a computer algorithm.

But at that point the damage is done. While you are trying to figure out which image contains a car, a mountain, or a traffic light, the bad guys are hacking into your account and reading your emails.
