The IRS has issued several alerts about the fraudulent use of the IRS name or logo by scammers
trying to gain access to consumers’ financial information in order to steal their identity and assets. Scammers use the regular mail, telephone, fax or email to set up their victims. When identity theft takes place over the web (email), it is called phishing.
The IRS saw an approximate 400 percent surge in phishing and malware incidents in the 2016 tax season.
Scam emails are designed to trick taxpayers into thinking these are official communications from the IRS or others in the tax industry, including tax software companies. These phishing schemes can ask taxpayers about a wide range of topics. Emails can seek information related to refunds, filing status, confirming personal information, ordering transcripts and verifying PIN information.
Variations of these scams can be seen via text messages, and the communications are being reported in every section of the country. The IRS is aware of email phishing scams that appear to be from the IRS and include a link to a bogus web site intended to mirror the official IRS web site. These emails contain the direction “you are to update your IRS e-file immediately.” The emails mention USA.gov and IRSgov (without a dot between “IRS” and “gov”), though notably, not IRS.gov (with a dot). These emails are not from the IRS.
The sites ask for Social Security numbers and other personal information, which could be used to help file false tax returns. The sites also may carry malware, which can infect people’s computers and allow criminals to access your files or track your keystrokes to gain information.
For more details, see:
- Phishing Remains on the IRS “Dirty Dozen” List of Tax Scams for the 2017 Filing Season
- Consumers Warned of New Surge in IRS Email Schemes during 2016 Tax Season; Tax Industry Also Targeted
- IRS warns taxpayers of a phishing scam targeting Washington D.C., Maryland and Virginia residents where the email scammers are citing tax fraud and trying to trick victims into verifying “the last four digits of their social security number”
The IRS does not initiate taxpayer communications through email. Unsolicited email claiming to be from the IRS, or from an IRS-related component such as EFTPS, should be reported to the IRS at firstname.lastname@example.org.
For more information, visit the IRS’s Report Phishing web page.