Security Pages

Fake IRS Emails, Phishing Be Aware



The IRS categorizes any email scam that involves tricking victims into revealing personal and financial information over the Internet as "phishing." The IRS does not initiate contact via email, text message, or social media channels; they do not demand, make threats, or ask people for PIN numbers, passwords, or other personal information for their credit card, bank, or other financial accounts. Every year, the IRS alerts taxpayers to the latest versions of these email scams. Learn more about tax fraud and prevention. practices multiple levels of security, assuring your information is safe when you prepare and e-file your tax return. Additionally, the IRS enforces multiple means to protect the identities of taxpayers. The IRS will not accept an e-filed tax return without the exact previous year adjusted gross income (AGI) and/or the most recently issued IRS Identity Protection PIN or IP-PIN. Additionally, as per law, to enforce security and identity protection, state tax returns can only be e-filed if they are submitted with the federal return with the exception of California state returns.

If you ever need to send tax payments to the IRS, always make the check payable to the U.S. Treasury as checks should never be written to a third party. The IRS will not threaten to send police or law enforcement to take your house if you owe small amounts of tax. If you know you do not owe taxes: hang up the phone, disregard the email, and report this to the IRS.

Have you received an unusual email from someone pretending to be the IRS? Forward it directly to the IRS at If you believe you have accidentally provided your information to identity thieves, the IRS suggests immediately creating an IP-PIN.

The Latest Email Tax Scams

Keep up with these scams so you, your family, and friends do not fall victim to any of them. The IRS will never initiate contact via email - if you receive an email requesting information, containing links, and claiming to be the IRS or associated with the IRS, it is likely a scam.

IRS "Dirty Dozen" tax scams

The IRS provides a collection of scams each year called the "Dirty Dozen" list; this warns taxpayers, tax professionals, and financial institutions of these schemes so more can be aware of them. This list typically is released by the IRS in the middle of the tax year - for example, the 2021 Dirty Dozen was finalized and released by the IRS in June of 2021. This information may be beneficial to taxpayers through the remainder of 2021 and into Tax Year 2022.

The IRS separated the 2021 Dirty Dozen into four categories:

  1. Pandemic related scams - potentially related to theft of Economic Impact Payments or stimulus checks.
  2. Personal information cons - a more common form of scam, includes phishing, ransomware, malware, etc.
  3. Ruses focusing on unsuspecting victims - most common, includes fake charities and often targets seniors or elderly.
  4. Schemes that persuade taxpayers into unscrupulous actions - examples include Offer In Compromise agreements which lure the victim into a feeling of security before the scam.

Below are some of the most recent email tax scams:

  • Spearphishing scams targeting tax professionals: The IRS is warning tax professionals and taxpayers of IRS scammers who attempt to steal their tax preparation software credentials. If you use or any other software, be on the lookout for emails that claim "your account has been put on hold" or "open this email to unlock your account" as these are scams trying to get users to sign in with their login credentials. See how to identify fake emails below.
  • Emails, texts about the advance Child Tax Credit or Stimulus Checks: Fake emails or text messages may be sent requesting information in order for a person to verify their identity to claim their advance Child Tax Credits payments or stimulus payments as part of the third stimulus bill. These inquiries may state that you need to provide your information in order to begin receiving your due payments. This is not true; the IRS issued these payments based on your most recently filed tax return. If you have already filed, then you do not need to verify yourself nor provide additional information. You may report this to the IRS by sending them information about the text, including date/time the text was received and the phone number it was sent to.
  • Unemployment fraud: Due to the COVID-19 Pandemic, many taxpayers experienced job loss and collected unemployment benefits during 2020 and 2021. Scammers took advantage of this by filing fraudulent claims using stolen identities; these payments went to the thieves while the person whose identity was compromised received a 1099-G. If you receive a 1099-G with suspicious information, like amounts you did not receive, you may have been affected by this. Contact the appropriate state tax agency.
  • Emails to students: The IRS will not email your school account, likely ending in a ".edu", requesting information. Students are often targeted because all it takes is one student to click on a link; this can give access to a mailing list of all students, spreading these emails. The email may state that something needs updating regarding your recent return in order to receive your tax refund and may ask you to click a link and fill an online form. Simply disregard the email or report it to the IRS directly.
  • Fake Tax Bills Related to the Affordable Care Act: These "bills" are emails with attachments of fake CP2000 IRS notices (the IRS only sends these notices via certified mail) related to 2015 Affordable Care Act underpayments for 2014 health insurance coverage. The emails request that taxpayers write a check to "I.R.S" and send it to the "Austin Processing Center" with a Post Office Box address, as well as send an electronic payment via clicking a link. 
  • Update IRS e-File Emails: These emails include a link to a fake website that looks like the official IRS website. They instruct the reader to "update your IRS e-file immediately" by clicking the link and entering their information in the website that opens. The emails mention IRSgov and, but not (IRS-dot-gov). These emails are NOT from the IRS, so anyone who gets these types of emails should not respond to the email or click on any links in the email.
  • Emails Supposedly from the IRS Criminal Investigation Division: Emails purporting to be from IRS Criminal Investigation Division falsely state that the person is under a criminal probe for submitting a false tax return to the California Franchise Board. They seek to entice people to click on a link or open an attachment to learn more information about the complaint against them. DO NOT click the link in the email or open the attachment as they are a Trojan Horse which can take over a computer hard drive and allow someone remote access to it.
  • The IRS Acting as Arbitrator: This type of email suggests that a customer has filed a complaint against a company and the IRS can help to settle it. Different versions of the email are aimed at business and individual taxpayers. 
  • Requests for Bank Account Numbers: Other fraudulent email scams entice taxpayers to click their way to a fake IRS website and ask for bank account numbers. Another widespread email tells taxpayers the IRS is holding a tax refund for them and asks for financial account information.

How to Identify Fake Emails

Any email from the IRS is a scam if they are initiating contact first. It can be helpful to know how to identify one of these emails based on some identifying factors; this applies to scams in general, not just IRS phishing emails. See these tips:

  • Subject Line: The subject line should always describe what the email is about. You may see a subject line of URGENT or ATTENTION; these are only used to catch your eye. This is common, and it is important to know that the matter is likely not urgent and is only presented that way so the recipient will panic and open the email.
  • Greeting: If you have an account with a company, they will almost always address you by your name. If you are certain that you have an account with a company who you received an email from and they use a generic greeting, such as "sir" or "ma'am," be wary of this when reading the rest of the message.
  • Links: The email will have a link with it requesting that the recipient click it and enter some information. You may be asked to enter your personal information to receive a payment or that you need to verify your identity to unlock your account. Doing so would give your information directly to someone who should not have it. Often, these are long links containing various numbers and letters in no order. Inspect the link and take note of why you are being asked to click on it. Sometimes, the link is even disguised as a button; read the rest of the email to see why exactly you are being asked to click the button.
  • Message: The bulk of the email will try to convince you to click their link or button and enter your information as soon as possible. They want something you have, such as a passcode, your bank numbers, or other personal information. The email may ask you to verify yourself to unlock your account, for example, by filling out a form with your account information. Be aware of the language in the email; if you do click the link, take note of the address of the page, the legitimacy of the page, and review the information being requested.
  • Sender: If some of the above information has raised your concern, see where the email is coming from. Scammers may use a variation of a company's email and even use the company logo as their contact, appearing as the company itself. Be sure that the sender is a person you know or a company email which you have interacted with before and/or recognize.
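The checklist above (subject line, greeting, links, message, sender) can be applied mechanically when triaging a reported message. The following Python sketch is an added example, not part of the original page or any IRS tooling; the sample message is constructed, its domains use the reserved `.example` TLD, and the wording patterns are assumptions drawn from the phrases quoted on this page.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample message (not a real email); domains are placeholders.
SAMPLE = """\
From: "IRS e-File" <refunds@irsgov-update.example>
Subject: URGENT: update your IRS e-file immediately

Dear Sir or Madam,

Your account has been put on hold. Verify your identity to unlock your account:
http://irsgov-update.example/unlock?id=8f3k2j9x7q1z
"""

URGENT = re.compile(r"\b(urgent|attention|immediately)\b", re.I)
GENERIC = re.compile(r"^\s*(dear\s+)?(sir|ma'?am|madam|customer|taxpayer)\b", re.I | re.M)
LURES = re.compile(r"verify your identity|unlock your account|put on hold", re.I)
URL = re.compile(r"https?://[^\s<>\"']+", re.I)

def is_irs_host(host):
    """True only for irs.gov itself or a subdomain of it (not 'irsgov' lookalikes)."""
    host = (host or "").lower().rstrip(".")
    return host == "irs.gov" or host.endswith(".irs.gov")

def triage(raw):
    """Return the warning signs from the checklist that a plain-text message shows."""
    msg = message_from_string(raw)
    body = msg.get_payload()
    findings = []
    if URGENT.search(msg.get("Subject", "")):
        findings.append("subject: urgency wording")
    if GENERIC.search(body):
        findings.append("greeting: generic")
    for url in URL.findall(body):
        host = urlparse(url).hostname
        if not is_irs_host(host):
            findings.append(f"link: {host} is not irs.gov")
    if LURES.search(body):
        findings.append("message: asks to verify or unlock an account")
    sender_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    if "irs" in sender_domain.lower() and not is_irs_host(sender_domain):
        findings.append(f"sender: {sender_domain} imitates the IRS")
    return findings

if __name__ == "__main__":
    print("\n".join(triage(SAMPLE)))
```

The host check compares the full domain suffix, so a name such as `irs.gov.login.example` or `irsgov.example` is flagged even though it contains the letters "irs" and "gov".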

How the IRS and State Agencies Fight Email Tax Scams

The IRS and the Treasury Inspector General for Tax Administration (TIGTA) work with the U.S. Computer Emergency Readiness Team (US-CERT) and various Internet service providers and international CERT teams to have the phishing sites taken offline as soon as they are reported.

The IRS, in collaboration with state tax agencies, representatives of the software industry, and other tax preparation firms, has established the Security Summit. This organization combats identity fraud by assigning groups to various areas.