I've been getting about 4 of these emails per day. I haven't clicked a link once. I think a lot of these attacks could be mitigated by teaching internet users the structure of a web address. The links are always something like: irs.gov.fraudulentclaims.net (not the actual site, just an illustrative example.) I'm sure all you readers already know that in this example the important part of the address is the last part, fraudulentclaims.net. I think it would be simple to educate the public to the fact that addresses are formed as ie: least-significant.more-significant.(...).most-significant.(net/org/edu/etc.) I used to work in a bank and we received a decent amount of training in avoiding these types of attacks but this fact was never mentioned. This method has never failed me in detecting such an attack and it's very simple to understand.