Avoid IRS Phishing Scams


These days, phishing scams pose as any individual or organization to try to gain access to your personally identifiable information (PII). Phone calls and emails are the most utilized methods for such scams. For the year 2018, the IRS reported that phishing scams had nearly doubled the numbers of 2017.

Notably, the IRS wants you to avoid scams that mention “IRS Important Notice” or “IRS Taypayer Notice.” Usually these titles appear in the subject lines of emails sent by scammers. Often, the enclosed messages demand payment from taxpayers or threaten to seize the recipient’s tax refund. Individuals are scared into giving up their PII to avoid the fines, lawsuits or jail time that is often threatened in these messages if there is no response.

Once criminals have received your information, it can be used to fraudulently apply for credit cards and bank loans in your name or to file your tax returns. Two recent phishing strategies were the “Tax Transcipt” and “Refund Deposit” scams. The Tax Transcript scam included a link that installs malware designed to steal your financial information. The Refund Deposit Scam utilizes stolen PII to file a tax return that deposits the refund in your correct account, but then the criminals pose as an IRS agent or collection agency to alert victims that the refund was erroneously deposited. They will then provide an address for you to “return” the deposit to.

The IRS Newswire seeks to help taxpayers avoid such scams by providing a list of steps you can take to avoid phishing scams:

  • “Be vigilant; be skeptical. Never open a link or attachment from an unknown or suspicious source. Even if the email is from a known source, approach with caution. Cybercrooks are adept at mimicking trusted businesses, friends, and family—including the IRS and others in the tax business. Thieves may have compromised a friend’s email address, or they may be spoofing the address with a slight change in text, such as name@example.com vs narne@example.com. In the latter, merely changing the “m” to an “r” and “n” can trick people.
  • Remember, the IRS doesn’t initiate spontaneous contact with taxpayers by email to request personal or financial information. This includes asking for information via text messages and social media channels. The IRS does not call taxpayers with aggressive threats of lawsuits or arrests.
  • Phishing schemes thrive on people opening the message and clicking on hyperlinks. When in doubt, don’t use hyperlinks and go directly to the source’s main web page. Remember, no legitimate business or organization will ask for sensitive financial information via email.
  • Use security software to protect against malware and viruses found in phishing emails. Some security software can help identity suspicious websites that are used by cybercriminals.
  • Use strong passwords to protect online accounts. Each account should have a unique password. Use a password manager if necessary. Criminals count on people using the same password repeatedly, giving crooks access to multiple accounts if they steal a password—creating opportunities to build phishing schemes. Experts recommend the use of a passphrase, instead of a password, use a minimum of 10 digits, including letters, numbers and special characters. Longer is better.
  • Use multi-factor authentication when offered. Some online financial institutions, email providers and social media sites offer multi-factor protection for customers. Two-factor authentication means that in addition to entering your username and password, you must enter a security code generally sent as a text to your mobile phone. Even if a thief manages to steal usernames and passwords, it’s unlikely the crook would also have a victim’s phone.”