IRS Warns On Surge Of New Email Phishing Scams

It’s the most wonderful time of the year … for scammers. The Internal Revenue Service (IRS), state tax agencies and the nation’s tax industry are warning taxpayers to be on the lookout for scams at this time of year. The call follows what the IRS refers to as “a surge of new, sophisticated email phishing scams.”

Scammers can take advantage of taxpayers at any time, but the IRS believes that taxpayers may be particularly vulnerable now.

“The holidays and tax season present great opportunities for scam artists to try stealing valuable information through fake emails,” said IRS Commissioner Chuck Rettig. “Watch your inbox for these sophisticated schemes that try to fool you into thinking they’re from the IRS or our partners in the tax community. Taking a few simple steps can protect yourself during the holiday season and at tax time.”

Phishing scams are on the rise. In 2018, the IRS noted a 60% increase in bogus email schemes that seek to steal money or tax data. That marks a dramatic change: Reports had declined for the previous three years. In terms of numbers, more than 2,000 tax-related scam incidents were reported to the IRS from January through October, compared to approximately 1,200 incidents in all of 2017. 

In a typical phishing scheme, scammers attempt to obtain sensitive personal, financial or tax information such as usernames and passwords by pretending to be another person or entity. The emails may appear to be legitimate by using spoofed email addresses and stolen logos to trick the recipient into believing that the email is from a trusted source. Typically, the emails contain hyperlinks that take users to a fake site or PDF attachments that may download malware or viruses. These phishing schemes can endanger a taxpayer’s financial and tax data, allowing identity thieves a chance to try stealing a tax refund.

Last month, the IRS warned about a new “tax transcript” scam. In the scam, taxpayers were tricked into opening emails that look like they are from the IRS—but they potentially carried malware.

In another malware scam, thieves sent email with subject lines like “IRS Important Notice” and “IRS Taxpayer Notice.” In the email, scammers demanded payment or threatened to seize the recipient’s tax refund. 

Don’t respond to these emails, and don’t click on links. Taxpayers can forward these email schemes to phishing@irs.gov—then hit delete.

Of course, not all phishing schemes use email: Some may be phone scams. In a common version of this kind of phishing scam, callers posing as IRS representatives contact taxpayers by phone, claiming that they owe money to the IRS. Taxpayers are told that they must pay the balance promptly using a pre-loaded debit card or wire transfer or be subject to punishment, including arrest, deportation or suspension of a business or driver’s license. The callers may have heavy foreign accents, use common names and fake badge numbers. The number on the caller ID may also look like the IRS since the scammers may spoof the IRS toll-free number.

Reports of phone scams increased in 2018, with the IRS reporting receipt of thousands of such complaints each week. These phone scams are "a major threat to taxpayers" and as such, continued to hold down a top spot on the IRS "Dirty Dozen" list of tax scams for the 2018 filing season.

Don't engage or respond with scammers. Here's how to protect yourself:

• If you receive a call from someone claiming to be from the IRS, and you do not owe tax, or if you are immediately aware that it’s a scam, don’t engage with the scammer and do not give out any information. Just hang up.
• If you receive a telephone message from someone claiming to be from the IRS, and you do not owe tax, or if you are immediately aware that it's a scam, don’t call them back.
• If you receive a phone call from someone claiming to be with the IRS, and you owe tax or think you may owe tax, do not give out any information. Call the IRS back at 1.800.829.1040 to find out more information.
• Never open a link or attachment from an unknown or suspicious source.
• If you’re not sure about the authenticity of an email, don’t click on hyperlinks. A better bet is to go directly to the source’s main Web page. 
• Use security software to protect against malware and viruses found in phishing emails.
• Use strong passwords to protect online accounts and use a unique password for each account. Longer is better, and don’t hesitate to lie about important details on websites since crooks may know some of your personal details.
• Use two or multifactor authentication when possible. Two-factor authentication means that in addition to entering your username and password, you typically enter a security code sent to your mobile phone or other device.

As a reminder, the IRS will never:

• Call to demand immediate payment over the phone, nor will the agency call about taxes owed without first having mailed you a bill.
• Threaten to immediately bring in local police or other law-enforcement groups to have you arrested for not paying.
• Demand that you pay taxes without giving you the opportunity to question or appeal the amount they say you owe.
• Require you to use a specific payment method for your taxes, such as a prepaid debit card, gift card or wire transfer.
• Ask for credit or debit card numbers over the phone.

Don’t fall for the tricks. Keep your personal information safe by remaining alert. And, when in doubt, assume it’s a scam. For tips on protecting yourself from identity theft-related tax fraud, click here. 

The Internal Revenue Service, state tax agencies and the tax community, partners in the Security Summit, are marking “National Tax Security Awareness Week” December 3 -7, 2018, with a series of reminders to taxpayers and tax professionals. Visit “Taxes. Security. Together.” or review IRS Publication 4524, Security Awareness for Taxpayers (downloads as a pdf), to learn more.