The Federal Trade Commission, which has declared war on Internet scams, warned consumers on Monday not to open a bogus e-mail that appears to come from its fraud department because it carries an attachment that can download a virus.
The e-mail says it is from "frauddep@ftc.gov" and has the FTC's government seal.
But it was not issued by the agency and has attachments and links that will download a virus that could steal passwords and account numbers, the agency said.
"It's a treasure trove for identity theft," said David Torok of the FTC's Bureau of Consumer Protection. "We're concerned. The virus that's attached to the e-mail is particularly virulent."
The agency, which is one of several government agencies investigating cyber fraud, did not know how many people had received the e-mail.
"We've received hundreds if not thousands of calls and complaints, this one may have had a large distribution," he said.
Recipients should forward the e-mail to spam@uce.gov, an FTC spam database used in investigations.
Nine percent of people surveyed in a poll conducted in August and September reported having had their identities stolen, Bari Abdul, a vice president at security software maker McAfee Inc, said at a cyber security conference on Oct 1.