Where is My Refund?   |   Why eFile?

Fake IRS Emails, Phishing Be Aware


Christian Gertenbach, Unsplash

The IRS categorizes any email scam that involves tricking victims into revealing personal and financial information over the Internet as "phishing." The IRS does not initiate contact via email, text message, or social media channels. They also do not ask people for PIN numbers, passwords, or other personal information for their credit card, bank, or other financial accounts. Every year, the IRS alerts taxpayers to the latest versions of these email scams. Learn more about tax fraud and prevention.

eFile.com practices multiple levels of security, assuring your information is safe when you prepare and e-file your tax return. Additionally, the IRS enforces multiple means to protect the identities of taxpayers. The IRS will not accept an e-filed tax return without the exact previous year adjusted gross income (AGI) and/or the most recently issued IRS Identity Protection PIN or IP-PIN. Additionally, as per law, to enforce security and identity protection, state tax returns can only be e-filed if they are submitted with the federal return with the exception of California state returns.

Have you received an unusual email from someone pretending to be the IRS? Forward it directly to the IRS at phishing@irs.gov. If you believe you have accidentally provided your information to identity thieves, the IRS suggests immediately creating an IP-PIN.

The Latest Email Tax Scams

Keep up with these scams so you, your family, and friends do not fall victim to any of them. The IRS will never initiate contact via email - if you receive an email requesting information, containing links, and claiming to be the IRS or associate with the IRS, it is likely a scam.

IRS "Dirty Dozen" tax scams

The IRS provides a collection of scams each year called the "Dirty Dozen" list; this warns taxpayers, tax professionals, and financials institutions of these schemes so more can be aware of them. This list typically is released by the IRS in the middle of the tax year - for example, the 2021 Dirty Dozen was finalized and released by the IRS in June of 2021. This information may be beneficial to taxpayers through the remainder of 2021 and into Tax Year 2022.

The IRS separated the 2021 Dirty Dozen into four categories:

  1. Pandemic related scams - potentially related to theft of Economic Impact Payments or stimulus checks.
  2. Personal information cons - a more common form of scam, includes phishing, ransomware, malware, etc.
  3. Ruses focusing on unsuspecting victims - most common, includes fake charities and often targets seniors or elderly.
  4. Schemes that persuade taxpayers into unscrupulous actions - examples include Offer In Compromise agreements which lure the victim into a feeling of security before the scam.

Below are some of the most recent email tax scams:

  • Emails, texts about the advance Child Tax Credit or Stimulus Checks: Fake emails or texts may be sent requesting information in order for a person to verify their identity to claim their advance Child Tax Credits payments as part of the third stimulus bill. These inquiries may state that you need to provide your information in order to begin receiving your due payments. This is not true; the IRS is issuing these payments based on your most recently filed tax return. If you have already filed, then you do not need to verify yourself nor provide additional information.
  • Unemployment fraud: Due to the COVID-19 Pandemic, many taxpayers experienced job loss and collected unemployment benefits during 2020 and 2021. Scammers took advantage of this by filing fraudulent claims using stolen identities; these payments went to the thieves while the person whose identity was compromised received a 1099-G. If you receive a 1099-G with suspicious information, like amounts you did not receive, you may have been affected by this. Contact the appropriate state tax agency.
  • Emails to students: The IRS will not email your school account, likely ending in a ".edu", requesting information. Students are often targeted because all it takes is one student to click on a link; this can give access to a mailing list of all students, spreading these emails. The email may state that something needs updating regarding your recent return in order to receive your tax refund and may ask you to click a link and fill an online form. Simply disregard the email or report it to the IRS directly.
  • Fake Tax Bills Related to the Affordable Care Act: These "bills" are emails with attachments of fake CP2000 IRS notices (the IRS only sends these notices via certified mail) related to 2015 Affordable Care Act underpayments for 2014 health insurance coverage. The emails request that taxpayers write a check to "I.R.S" and send it to the "Austin Processing Center" with a Post Office Box address, as well as send an electronic payment via clicking a link. 
  • Update IRS e-File Emails: These emails include a link to a fake website that looks like the official IRS website. They instruct the reader to "update your IRS e-file immediately.” by clicking the link and entering their information in the website that opens. The emails mention IRSgov and USA.gov, but not IRS.gov (IRS-dot-gov). These emails are NOT from the IRS, so anyone who gets these types of emails should not respond to the email or click on any links in the email.
  • Emails Supposedly from the IRS Criminal Investigation Division: Emails purporting to be from IRS Criminal Investigation Division falsely state that the person is under a criminal probe for submitting a false tax return to the California Franchise Board. They seek to entice people to click on a link or open an attachment to learn more information about the complaint against them. DO NOT click the link in the email or open the attachment as they are a Trojan Horse which can take over a computer hard drive and allow someone remote access to it.
  • The IRS Acting as Arbitrator: This type of email suggests that a customer has filed a complaint against a company and the IRS can help to settle it. Different versions of the email are aimed at business and individual taxpayers. 
  • Requests for Bank Account Numbers: Other fraudulent email scams entice taxpayers to click their way to a fake IRS website and ask for bank account numbers. Another widespread email tells taxpayers the IRS is holding a tax refund for them and asks for financial account information.

How to Identify Fake Emails

Any email from the IRS is a scam if they are initiating contact first. It can be helpful to know how to identity one of these emails based on some identifying factors; this applies to scams in general, not just IRS phishing emails. See these tips:

  • Subject Line: The subject line should always be something regarding what the email will be about. You may see the subject line of URGENT or ATTENTION; these are only done to catch your eye. This is common and it is important to know that it is likely not urgent and is only said to me so the recipient will panic and open the email.
  • Greeting: If you have an account with a company, they will almost always address you by your name. For example, if you have an eFile.com account, we will begin an email by using your first name. If you are certain you have an account with a company who you received an email from and they use a generic greeting, such as "sir" or "ma'am," be wary of this when reading the rest of the message.
  • Links: The email will have a link with it requesting that the recipient click it and enter some information. You may be asked to enter your personal information to receive a payment or that you need to verify your identity to unlock your account. Doing so would give your information directly to someone who should not have it. Often, these are long links containing various numbers and letters in no order. Inspect the link and take note of why you are being asked to click on it. Sometimes, the link is even disguised as a button; read the rest of the email to see why exactly you are being asked to click the button.
  • Message: The bulk of the email will try to convince you to click their link or button and enter your information as soon as possible. They want something you have, such as a passcode, your bank numbers, or other personal information. The email may ask you to verify yourself to unlock your account, for example, by filling out a form with your account information. Be aware of the language in the email; if you do click the link, take note of the address of the page, the legitimacy of the page, and review the information being requested.
  • Sender: If some of the above information has raised your concern, see where the email is coming from. Scammers may use a variation of a company's email and even use the company logo as their contact, appearing as the company itself. Be sure that the sender is a person you know or a company email which you have interacted with before and/or recognize.

How the IRS and State Agencies Fight Email Tax Scams

The IRS and the Treasury Inspector General for Tax Administration (TIGTA) work with the U.S. Computer Emergency Readiness Team (US-CERT) and various Internet service providers and international CERT teams to have the phishing sites taken offline as soon as they are reported.

The IRS, in collaboration with state tax agencies, representatives of the software industry, and other tax preparation firms, has established the Security Summit. This organization combats identity fraud by assigning groups to various areas.