Fake IRS Emails, Phishing Scams
Christian Gertenbach, Unsplash
The IRS categorizes any email scam that involves tricking victims into revealing personal and financial information over the Internet as "phishing." The phishing definition is, simply put, sending emails impersonating a company in order to obtain your personal information. The IRS does not initiate contact via email, text message, or social media channels. They do not demand, make threats, or ask people for PIN numbers, passwords, or other personal information for their credit card, bank, or other financial accounts. Every year, the IRS alerts taxpayers to the latest versions of these email scams. Learn more about tax fraud and prevention.
eFile.com practices multiple levels of security, assuring your information is safe when you prepare and e-file your tax return. Additionally, the IRS enforces multiple means to protect the identities of taxpayers. The IRS will not accept an e-filed tax return without the exact previous year adjusted gross income (AGI) and/or the most recently issued IRS Identity Protection PIN or IP-PIN. As per law, to enforce security and identity protection, state tax returns can only be e-filed if they are submitted with the federal return with the exception of California state returns.
If you ever need to send tax payments to the IRS, always make the check payable to the U.S. Treasury as checks should never be written to a third party. Make sure you are sending your federal tax payment to the real IRS mailing address based on where you reside, though we recommend paying IRS and state taxes online. The IRS will not threaten to send police or law enforcement to take your house if you owe small amounts of tax. If you know you do not owe taxes: hang up the phone, disregard the threat or request for money, and report this to the IRS.
Have you received an unusual email from someone pretending to be the IRS? Forward it directly to the IRS at firstname.lastname@example.org. If you believe you have accidentally provided your information to identity thieves, the IRS suggests immediately creating an IP-PIN.
The Latest Email Tax Scams
Keep up with these scams so you, your family, and friends do not fall victim to any of them. The IRS will never initiate contact via email - if you receive an email requesting information, containing links, and claiming to be the IRS or associate with the IRS, it is likely a scam. See how to identity a fake email or phone call below.
IRS "Dirty Dozen" tax scams
The IRS provides a collection of scams each year called the "Dirty Dozen" list; this warns taxpayers, tax professionals, and financial institutions of these schemes so more can be aware of them. This list typically is released by the IRS in the middle of the tax year - for example, the 2022 Dirty Dozen was finalized and released by the IRS in June of 2022. This information may be beneficial to taxpayers through the remainder of 2022 and into Tax Year 2023.
The IRS separated the 2022 Dirty Dozen into these categories:
- Use of Charitable Remainder Annuity Trust or CRAT in order to eliminate taxable gain.
- Maltese or other foreign pension arrangements misusing treaty.
- Puerto Rican and other foreign captive insurance - this occurs when a U.S. owner claims a deduction for "insurance coverage" that is provided by the fronting carrier.
- Monetized installment sales - this allows the seller to receive sales through purported loans.
- Economic Impact Payment (EIP) and tax refund scams.
- Unemployment fraud, inaccurate 1099-G.
- Fake employment offers via social media, email, etc.
- Fake charities set up to steal money of unsuspecting donators.
- Concealing assets in offshore accounts; improper reporting of digital assets.
- High-income individuals not filing tax returns.
- Abusive syndicated conversation easements.
- Abusive micro-captive insurance arrangements.
Important takeaways: The IRS does not send text messages to individuals requesting tax information, even if they indicate that it is needed to send a stimulus check (no longer being issued as of December 31, 2021) or tax refund. They do not send emails first nor do they leave pre-recorded, urgent or threatening voicemails or messages. The IRS does not demand a specific payment method, like a prepaid debit card, a gift card, or a wire transfer. See how to pay IRS taxes here.
The IRS categorizes recent scams into the following:
- Pandemic related scams - potentially related to theft of Economic Impact Payments or stimulus checks.
- Personal information cons - a more common form of scam, includes phishing, ransomware, malware, etc.
- Ruses focusing on unsuspecting victims - most common, includes fake charities and often targets seniors or elderly.
- Schemes that persuade taxpayers into unscrupulous actions - examples include fake Offer In Compromise agreements which lure the victim into a feeling of security before the scam.
Below are some of the most recent email tax scams:
- Spear phishing scams targeting tax professionals: What is spear phishing? The IRS is warning tax professionals and taxpayers of IRS scammers which attempt to steal their tax software preparation credentials. If you use eFile.com or any other software, be on the lookout for emails that claim "your account has been put on hold" or "open this email to unlock your account" as these are scams trying to get users to sign in with their login credentials. See how to identify fake emails below. We at eFile.com will only send emails from email@example.com.
- The latest email scams claim that "Your account has been put on hold" or "Action required" for this matter and include logos of the IRS and/or tax preparation platform.
- Emails, texts about the advance Child Tax Credit (CTC) or Stimulus Checks: Fake emails or text messages may be sent requesting information in order for a person to verify their identity to claim their advance Child Tax Credits payments or stimulus payments as part of the third stimulus bill. These inquiries may state that you need to provide your information in order to begin receiving your due payments. This is not true; the IRS issued these payments based on your most recently filed tax return. If you have already filed, then you do not need to verify yourself nor provide additional information. You may report this to the IRS by sending them information about the text, including date/time the text was received and the phone number it was sent to. Important: the IRS is no longer issuing stimulus checks or CTC payments as of December 31, 2021.
- Unemployment fraud: Due to the COVID-19 Pandemic, many taxpayers experienced job loss and collected unemployment benefits during 2020 and 2021. Scammers took advantage of this by filing fraudulent claims using stolen identities; these payments went to the thieves while the person whose identity was compromised received a 1099-G. If you receive a 1099-G with suspicious information, like amounts you did not receive, you may have been affected by this. Contact the appropriate state tax agency.
- Emails to students: The IRS will not email your school account, likely ending in a ".edu", requesting information. Students are often targeted because all it takes is one student to click on a link to give the scammer access to a mailing list of all students, spreading these emails. The email may state that something needs updating regarding your recent return or school account in order to receive your tax refund and may ask you to click a link and fill an online form. Simply disregard the email or report it to the IRS directly.
- Requests for Bank Account Numbers: Other fraudulent email scams entice taxpayers to click their way to a fake IRS website and ask for bank account numbers. Another widespread email tells taxpayers the IRS is holding a tax refund for them and asks for financial account information.
- Fake Tax Bills Related to the Affordable Care Act: These "bills" are emails with attachments of fake CP2000 IRS notices (the IRS only sends these notices via certified mail) related to 2015 Affordable Care Act underpayments for 2014 health insurance coverage. The emails request that taxpayers write a check to "I.R.S" and send it to the "Austin Processing Center" with a post office box address, as well as send an electronic payment by clicking a link.
- Update IRS e-File Emails: These emails include a link to a fake website that looks like the official IRS website. They instruct the reader to "update your IRS e-file immediately” by clicking the link and entering their information in the website that opens. The emails mention IRSgov and USA.gov, but not IRS.gov (IRS-dot-gov). These emails are NOT from the IRS, so anyone who gets these types of emails should not respond to the email or click on any links in the email.
- Emails Supposedly from the IRS Criminal Investigation Division: Emails purporting to be from IRS Criminal Investigation Division falsely state that the person is under a criminal probe for submitting a false tax return to the California Franchise Board. They seek to entice people to click on a link or open an attachment to learn more information about the complaint against them. DO NOT click the link in the email or open the attachment as they are a Trojan Horse which can take over a computer hard drive and allow someone remote access to it.
- The IRS Acting as Arbitrator: This type of email suggests that a customer has filed a complaint against a company and the IRS can help to settle it. Different versions of the email are aimed at business and individual taxpayers.
How to Identify Fake Emails
Any email from the IRS is a scam if they are initiating contact first. It can be helpful to know how to identify one of these emails based on some identifying factors; this applies to scams in general, not just IRS phishing emails. See these tips:
- Subject Line: The subject line should always be something regarding what the email will be about. You may see the subject line of URGENT or ATTENTION; these are only done to catch your eye. This is common and it is important to know that it is likely not urgent and is only included so the recipient will panic and open the email.
- Greeting: If you have an account with a company, they will almost always address you by your name. If you are certain that you have an account with a company who you received an email from and they use a generic greeting, such as "sir" or "ma'am," be wary of this when reading the rest of the message. For example, emails from eFile.com will always include your username if you have an account with us.
- Links: The email will have a link, requesting that the recipient click it and enter some information. You may be asked to enter your personal information to receive a payment or that you need to verify your identity to unlock your account. Doing so would give your information directly to someone who should not have it. Often, these are long links containing various numbers and letters in no order. Inspect the link and take note of why you are being asked to click on it. Sometimes, the link is even disguised as a button; read the rest of the email to see why exactly you are being asked to click the button.
- Message: The bulk of the email will try to convince you to click their link or button and enter your information as soon as possible. They want something you have, such as a passcode, your bank numbers, or other personal information. The email may ask you to verify yourself to unlock your account, for example, by filling out a form with your account information. Be aware of the language in the email; if you do click the link, take note of the address of the page, the legitimacy of the page, and review the information being requested.
- Sender: If some of the above information has raised your concern, see where the email is coming from. Scammers may use a variation of a company's email and even use the company logo as their contact, appearing as the company itself. Be sure that the sender is a person you know or a company email which you have interacted with before and/or recognize.
How the IRS and State Agencies Fight Email Tax Scams
The IRS and the Treasury Inspector General for Tax Administration (TIGTA) work with the U.S. Computer Emergency Readiness Team (US-CERT) and various Internet service providers and international CERT teams to have the phishing sites taken offline as soon as they are reported.
The IRS, in collaboration with state tax agencies, representatives of the software industry, and other tax preparation firms, has established the Security Summit. This organization combats identity fraud by assigning groups to various areas.
These programs rely largely on consumers who receive these emails as they are needed to report the websites, emails, and phone numbers.
Phone Scams and "Scam Likely" Callers
Scammers may contact you through your cellphone or landline telephone number. These can be IRS impersonations claiming to require payment of debt, but there are many other scam phone callers. Nowadays, most cellphones have features in place to identity these scams, like caller ID's which read scam likely or some which may immediately identify the scam call before sending it to voicemail. You can block scam likely calls automatically through your phone's settings if the feature is available; on an Apple iPhone, for example, under Settings, go to Phone and enable the Silence Unknown Callers feature - this will avoid your phone from ringing when someone unknown calls your number. Here, you can also enable a scam detecting app and view all the phone numbers your phone has blocked under Blocked Contacts.
How to Block Scam Likely Calls on Any Device
Use this simple trick on any cellphone, including iPhone and Android, to automatically block these calls:
Open the phone app on your device and select the keypad to enter a phone number. Here, simply enter #662# and then the call button. The app will load and then you will be told that you have successfully enabled the feature. To disable it at any time, simply redial the number; to check the status (enabled or disabled), enter #787# and press the call button.
How to Identify Scam Calls
Scammers may take on various roles either over the phone or via email.
- In addition to IRS impersonators, scammers may impersonate a company. These include Amazon scam calls, Cash App scams, Zelle scams, fake Microsoft employees, and other scam likely calls. The scammer may provide the company name, their fake employee name, plus a fake employee identification number, reference number, or customer service level number.
- Scam phone callers take on a variety of approaches to getting your money, including:
- Issuing a fake refund to your bank account in a large amount in order to convince you to refund the overpaid money, often through Target gift cards, Walmart gift cards, other gift cards, or wire transfer.
- Stating that there was an issue with your recent purchase from their company (Target, Microsoft, etc.) - remember, they do not actually work for the company. They will ask you to provide personal information to complete the transaction and/or may request some form of payment as well.
- Fabricated transactions or fake charges; they may claim your Cash App was used for a purchase, someone has used your PayPal or Venmo to transfer money, or even an IRS or state tax payment was made or needs to be made.
- These callers may have more extreme tones, including angry or threatening, but they may also be friendly and deceiving. Be sure to ask questions; ask them to confirm a detail about your account, the order number of the transaction in question, or other detail only you and someone with your account information would know. Any customer service representative would not threaten you, especially the IRS.
While these are generally smaller scale scams than a Ponzi Scam, they can add up. Scamming organizations operate through regular work hours and, when they scam dozens of people each week, they can earn thousands of dollars each week. Keep your information safe! Create accounts with trusted companies - see how eFile.com keeps your personal data secure - and never give out your personal information unless you are certain you can trust the requesting entity.
TurboTax® is a registered trademark of Intuit, Inc.
H&R Block® is a registered trademark of HRB Innovations, Inc.