Fake IRS Emails, Phishing Scams

Christian Gertenbach, Unsplash
@kc_gertenbach

The IRS categorizes any email scam that involves tricking victims into revealing personal and financial information over the Internet as "phishing." The phishing definition is the act of sending emails impersonating a company or person in order to obtain your personal information. Smishing is the same practice done via text, iMessage, or smartphone SMS message. The IRS does not initiate contact via email, text message, or social media channels. They do not demand, make threats, or ask people for PIN numbers, passwords, or other details or credentials for their credit card, bank, or other financial accounts. Every year, the IRS alerts taxpayers to the latest versions of these email scams. Learn more about tax fraud and prevention.

eFile.com practices multiple levels of security, assuring your information is safe when you prepare and e-file your tax return. Additionally, the IRS enforces multiple means to protect the identities of taxpayers. The IRS will not accept an e-filed tax return without the exact previous year adjusted gross income (AGI) and/or the most recently issued IRS Identity Protection PIN or IP-PIN. As per law, to enforce security and identity protection, state tax returns can only be e-filed if they are submitted with the federal return with the exception of California state returns.

Tax Scams, Phishing, Smishing, and More

The IRS is always warning of various scams to watch out for as well as providing tips. For example, they recently issued a reminder to only enter accurate information from your W-2 and 1099 tax forms onto your return or into tax software. A scheme circulating on social media encouraged taxpayers to enter inaccurate W-2 entries in order to receive a large tax refund. Do not fall victim to this trick as the IRS will catch this. When you file your taxes on eFile.com, only enter figures from your tax forms exactly as they appear on your employers issued form.

In recent years, the IRS saw mass amounts of Form 7202, Credits for Sick Leave and Family Leave for Certain Self-Employed Individuals, as well as Schedule H, Household Employment Taxes, being used to file fraudulent returns. These forms were able to be used to create fake information and claim a large credit, some as large as five figures. Remember to only report accurate, honest information on your income tax return.

Key points:

• The IRS warns of a wide range of tax penalties for filing fraudulent information including a frivolous return penalty that could be as much as $5,000.
• If you ever need to send tax payments to the IRS, always make the check payable to the U.S. Treasury as checks should never be written to a third party. Make sure you are sending your federal tax payment to the real IRS mailing address based on where you reside, though we highly recommend paying IRS and state taxes online.
• The IRS will not threaten to send police or law enforcement to take your house if you owe small amounts of taxes. If you know you do not owe taxes: hang up the phone, disregard the threat, and report this to the IRS.

Have you received an unusual email from someone pretending to be the IRS? Did you get a threatening or urgent text message supposedly from the IRS or a tax filing company? Forward it directly to the IRS at phishing@irs.gov. If you believe you have accidentally provided your information to identity thieves, the IRS suggests immediately creating an IP-PIN and keeping it safe so no one can file a return with your information.

IRS "Dirty Dozen" Tax Scams

The IRS provides a collection of scams each year called the "Dirty Dozen" list; this warns taxpayers, tax professionals, and financial institutions of these schemes so more can be aware of them.

Such recent cams included the Employee Retention Credit (ERC) scams which were done through identify theft and filing a fabricated return with this credit, claiming a refund of tens of thousands of dollars. Though this is a valid credit for back taxes, for certain business owners it should not be abused or wrongly claimed if a taxpayer does not qualify for it. See details on changed or expired tax laws. Similarly, promotors are encouraging taxpayers to erroneously claim the Credit for Federal Tax Paid on Fuels via Form 4136 when they do not qualify for it in order to increase their refund.

e-File your returns online with eFile.com - the eFile platform only uses valid IRS tax code laws and generates the proper forms based on your entries. You will not be wrongly persuaded to inflate your refund like tax preparers and other third-parties may encourage you to do.

The 2024 tax scams highlighted by the IRS can be found here, updated as the IRS provides them:

1. Be mindful and aware of phishing or smishing scams designed to steal your data.
2. Stay clear or aggressive promotors who may try to trick you into falsely claiming the Employee Retention Credit through promises of a large tax refund.
3. Watch out for scammers who offer help setting up an online IRS Account - this account holds sensitive information and is easy to set up on your own.
4. Be aware of promotors and scammers pushing you to falsely claim the Fuel Tax Credit which most do not qualify for.
5. Be cautionary of phony services offering support for an IRS Offer in Compromise (OIC); these advertisements or pitches claim that their services are needed in order to resolve your IRS debt.
6. Learn to identify and avoid fake charities aimed at exploiting your generosity; they may urge donations and promise a tax deduction by posing as a phony charitable organization.
7. Avoid "ghost preparers" or untrustworthy tax preparers who take your cash and personal information while filing a false return. File your taxes on eFile.com so only you have access to your sensitive data.
8. Refrain from taking advice from "influencers" on social media who may lure you into using falsified information on your income tax return to get a large tax refund. This is consider fraudulent and could get honest taxpayers in trouble for falling for a social media post or trend.

The 2023 Dirty Dozen was made up of these tax scams to watch out for:

1. Abuse and false claim of the Employee Retention Credit
2. Email and text message scams for tricking people into handing over personal information - see details on phishing and smishing scams below.
3. Fake or fabricated help setting up an IRS Account used to steal your information
4. Third-party promotors of false fuel tax credit claims
5. Fabrication of fake charities encouraging or pressuring taxpayers into donating to a fake organization, often using the tax deduction for donations as reason
6. Choose the right tax preparer to avoid shady or nonqualified tax preparers - or, simply e-file your taxes online through a DIY platform
7. Be aware of schemes or false tax information spread on social media; keep up with valid tax news and expired or changing tax laws
8. Spearfishing and other scams targeting tax professionals and businesses - see how eFile.com keeps your information safe
9. Be aware of fake Offer in Compromise business, services, or "mills" that mislead taxpayers by telling them that they can settle a tax debt by paying a smaller fee - only set up an Offer in Compromise through the IRS.
10. Scams aimed high-income filers including Charitable Remains Annuity Trusts as well as monetized installment sales.
11. Be aware of false tax schemes aimed at illegally reducing or avoiding taxes.
12. Scams or schemes including international elements such as offshore accounts or digital assets.

The IRS separated the 2022 Dirty Dozen into these categories:

1. Use of Charitable Remainder Annuity Trust or CRAT in order to eliminate taxable gain
2. Maltese or other foreign pension arrangements misusing treaty
3. Puerto Rican and other foreign captive insurance - this occurs when a U.S. owner claims a deduction for "insurance coverage" that is provided by the fronting carrier
4. Monetized installment sales - this allows the seller to receive sales through purported loans
5. Economic Impact Payment (EIP) and tax refund scams
6. Unemployment fraud, inaccurate 1099-G
7. Fake employment offers via social media, email, etc.
8. Fake charities set up to steal money of unsuspecting donators
9. Concealing assets in offshore accounts; improper reporting of digital assets
10. High-income individuals not filing tax returns
11. Abusive syndicated conversation easements
12. Abusive micro-captive insurance arrangements.

Important takeaways: The IRS does not send text messages to individuals requesting tax information, even if they indicate that it is needed to send a stimulus check (no longer being issued as of December 31, 2021) or tax refund. They do not send emails first nor do they leave pre-recorded, urgent or threatening voicemails or messages. The IRS does not demand a specific payment method, like a prepaid debit card, a gift card, or a wire transfer. See how to pay IRS taxes here.

The IRS categorizes recent scams into the following:

1. Pandemic related scams - potentially related to theft of Economic Impact Payments or stimulus checks.
2. Personal information cons - a more common form of scam, includes phishing, ransomware, malware, etc.
3. Ruses focusing on unsuspecting victims - most common, includes fake charities and often targets seniors or elderly.
4. Schemes that persuade taxpayers into unscrupulous actions - examples include fake Offer In Compromise agreements which lure the victim into a feeling of security before the scam.

Most of these scams begin with an email; learn below on how to tell if an email is fake or a scam.

How to Identify Fake Emails

Any email from the IRS is a scam if they are initiating contact first. It can be helpful to know how to identify one of these emails based on some identifying factors; this applies to scams in general, not just IRS phishing emails.

• Subject Line: The subject line should always be something regarding what the email will be about. You may see the subject line of URGENT or ATTENTION; these are only done to catch your eye. This is common; the email is likely not urgent and is only included so the recipient will panic and open the email.
• Greeting: If you have an account with a company, they will almost always address you by your name. If you are certain that you have an account with a company who you received an email from and they use a generic greeting, such as "sir" or "ma'am," be wary of this when reading the rest of the message. For example, emails from eFile.com will always include your username if you have an account with us.
• Links: The email will have a link, requesting that the recipient click it and enter some information. You may be asked to enter your personal information to receive a payment or that you need to verify your identity to unlock your account. Doing so would give your information directly to someone who should not have it. Often, these are long links containing various numbers and letters in no order. Inspect the link and take note of why you are being asked to click on it. Sometimes, the link is even disguised as a button; read the rest of the email to see why exactly you are being asked to click the button.
• Message: The bulk of the email will try to convince you to click their link or button and enter your information as soon as possible. They want a passcode, your bank numbers, or other personal information. The email may ask you to verify yourself to unlock your account, for example, by filling out a form with your account information. Be aware of the language in the email; if you do click the link, note the address of the page, the legitimacy of the page, and review the information being requested.
• Sender: If some of the above information has raised your concern, see where the email is coming from. Scammers may use a variation of a company's email and even use the company logo as their contact, appearing as the company itself. Be sure that the sender is a person you know or a company email which you have interacted with before and/or recognize.

The Latest Email Tax Scams

Emails can be used to get unsuspecting users to click on links and give up their information. Learn to watch out for phishing emails or scams by making yourself familiar with identifying fake emails. Below are some of the most recent email tax scams:

• Spear phishing scams targeting tax professionals: What is spear phishing? The IRS is warning tax professionals and taxpayers of IRS scammers which attempt to steal their tax software preparation credentials. If you use eFile.com or any other software, be on the lookout for emails that claim "your account has been put on hold" or "open this email to unlock your account" as these are scams trying to get users to sign in with their login credentials. See how to identify fake emails below. We at eFile.com will only send emails from support@efile.com.
  • The latest email scams claim that "Your account has been put on hold" or "Action required" for this matter and include logos of the IRS and/or tax preparation platform. 
• Emails, texts about the advance Child Tax Credit (CTC) or Stimulus Checks: Fake emails or text messages may be sent requesting information in order for a person to verify their identity to claim their advance Child Tax Credits payments or stimulus payments as part of the third stimulus bill. These inquiries may state that you need to provide your information in order to begin receiving your due payments. This is not true; the IRS issued these payments based on your most recently filed tax return. If you have already filed, then you do not need to verify yourself nor provide additional information. You may report this to the IRS by sending them information about the text, including date/time the text was received and the phone number it was sent to. Important: the IRS is no longer issuing stimulus checks or CTC payments as of December 31, 2021.
• Unemployment fraud: Due to the COVID-19 Pandemic, many taxpayers experienced job loss and collected unemployment benefits during 2020 and 2021. Scammers took advantage of this by filing fraudulent claims using stolen identities; these payments went to the thieves while the person whose identity was compromised received a 1099-G. If you receive a 1099-G with suspicious information, like amounts you did not receive, you may have been affected by this. Contact the appropriate state tax agency.
• Emails to students: The IRS will not email your school account, likely ending in a ".edu", requesting information. Students are often targeted because all it takes is one student to click on a link to give the scammer access to a mailing list of all students, spreading these emails. The email may state that something needs updating regarding your recent return or school account in order to receive your tax refund and may ask you to click a link and fill an online form. Simply disregard the email or report it to the IRS directly.
• Requests for Bank Account Numbers: Other fraudulent email scams entice taxpayers to click their way to a fake IRS website and ask for bank account numbers. Another widespread email tells taxpayers the IRS is holding a tax refund for them and asks for financial account information.
• Fake Tax Bills Related to the Affordable Care Act: These "bills" are emails with attachments of fake CP2000 IRS notices (the IRS only sends these notices via certified mail) related to 2015 Affordable Care Act underpayments for 2014 health insurance coverage. The emails request that taxpayers write a check to "I.R.S" and send it to the "Austin Processing Center" with a post office box address, as well as send an electronic payment by clicking a link.
• Update IRS e-File Emails: These emails include a link to a fake website that looks like the official IRS website. They instruct the reader to "update your IRS e-file immediately” by clicking the link and entering their information in the website that opens. The emails mention IRSgov and USA.gov, but not IRS.gov (IRS-dot-gov). These emails are NOT from the IRS, so anyone who gets these types of emails should not respond to the email or click on any links in the email.
• Emails Supposedly from the IRS Criminal Investigation Division: Emails purporting to be from IRS Criminal Investigation Division falsely state that the person is under a criminal probe for submitting a false tax return to the California Franchise Board. They seek to entice people to click on a link or open an attachment to learn more information about the complaint against them. DO NOT click the link in the email or open the attachment as they are a Trojan Horse which can take over a computer hard drive and allow someone remote access to it.
• The IRS Acting as Arbitrator: This type of email suggests that a customer has filed a complaint against a company and the IRS can help to settle it. Different versions of the email are aimed at business and individual taxpayers.

Keep up with these scams so you, your family, and friends do not fall victim to any of them. The IRS will never initiate contact via email - if you receive an email requesting information, containing links, and claiming to be the IRS or associate with the IRS, it is likely a scam. See how to identity a fake email or phone call below.

How the IRS and State Agencies Fight Email Tax Scams

The IRS and the Treasury Inspector General for Tax Administration (TIGTA) work with the U.S. Computer Emergency Readiness Team (US-CERT) and various Internet service providers and international CERT teams to have the phishing sites taken offline as soon as they are reported.

The IRS, in collaboration with state tax agencies, representatives of the software industry, and other tax preparation firms, has established the Security Summit. This organization combats identity fraud by assigning groups to various areas.

These programs rely largely on consumers who receive these emails as they are needed to report the websites, emails, and phone numbers.

• Do not open any attachments or click on any links contained in the emails. Instead, forward the email to phishing@irs.gov.
• Contact the IRS Identity Theft Hotline at 1-800-908-4490.
• See how to report tax return fraud to IRS.
• Personal information, credit card fraudulently used on eFile.com.

Phone Scams and "Scam Likely" Callers

Scammers may contact you through your cellphone or landline telephone number. These can be IRS impersonations claiming to require payment of debt, but there are many other scam phone callers. Nowadays, most cellphones have features in place to identity these scams, like caller ID's which read scam likely or some which may immediately identify the scam call before sending it to voicemail. You can block scam likely calls automatically through your phone's settings if the feature is available; on an Apple iPhone, for example, under Settings, go to Phone and enable the Silence Unknown Callers feature - this will keep your phone from ringing when someone unknown calls your number. Here, you can also enable a scam detecting app and view all the phone numbers your phone has blocked under Blocked Contacts.

How to Block Scam Likely Calls on Any Device

Use this simple trick on any cellphone, including iPhone and Android, to automatically block these calls:

Open the phone app on your device and select the keypad to enter a phone number. Here, simply enter #662# and then the call button. The app will load and then you will be told that you have successfully enabled the feature. To disable it at any time, simply redial the number; to check the status (enabled or disabled), enter #787# and press the call button.

How to Identify Scam Calls

Scammers may take on various roles either over the phone or via email.

• In addition to IRS impersonators, scammers may impersonate a company. These include Amazon scam calls, Cash App scams, Zelle scams, fake Microsoft employees, and other scam likely calls. The scammer may provide the company name, their fake employee name, plus a fake employee identification number, reference number, or customer service level number.
• Scam phone callers take on a variety of approaches to getting your money, including:
  • Issuing a fake refund to your bank account in a large amount in order to convince you to refund the overpaid money, often through Target gift cards, Walmart gift cards, other gift cards, or wire transfer.
  • Stating that there was an issue with your recent purchase from their company (Target, Microsoft, etc.) - remember, they do not actually work for the company. They will ask you to provide personal information to complete the transaction and/or may request some form of payment as well.
  • Fabricated transactions or fake charges; they may claim your Cash App was used for a purchase, someone has used your PayPal or Venmo to transfer money, or even an IRS or state tax payment was made or needs to be made.
• These callers may have more extreme tones, including angry or threatening, but they may also be friendly and deceiving. Be sure to ask questions; ask them to confirm a detail about your account, the order number of the transaction in question, or other detail only you and someone with your account information would know. Any customer service representative would not threaten you, especially the IRS.

While these are generally smaller scale scams than a Ponzi Scam, they can add up. Scamming organizations operate through regular work hours and, when they scam dozens of people each week, they can earn thousands of dollars each week. Keep your information safe! Create accounts with trusted companies - see how eFile.com keeps your personal data secure - and never give out your personal information unless you are certain you can trust the requesting entity. 

TurboTax^® is a registered trademark of Intuit, Inc.
H&R Block^® is a registered trademark of HRB Innovations, Inc.