Impersonating the IRS is a favorite way for scammers to intimidate their victims. Who isn’t afraid of the IRS? It’s gotten even worse recently with all those tempting Economic Impact Payments and other COVID-19 funding just waiting to be stolen. Email phishing scams allow criminals to hit thousands of potential victims in seconds, and then sit back and watch how much money they can reel in.
At the end of March, the IRS warned about another IRS impersonation scam that targets educational institutions, including students and staff who have “.edu” email addresses. The scam emails display the IRS logo and use various subject lines to get potential victims’ attention, such as “Tax Refund Payment” or “Recalculation of your tax refund payment.”
The phishing emails ask people to click a link and submit a form to claim their refund. Who wouldn’t want a refund, right? The problem is, the link asks for all kinds of personal information, like:
- Social Security number
- First Name
- Last Name
- Date of Birth
- Prior Year Annual Gross Income (AGI)
- Driver’s License Number
- Current Address
- State/U.S. Territory
- ZIP Code/Postal Code
- Electronic Filing PIN
The IRS would never ask for personal information. So, what should you do with a scam email?
Resist temptation to open or reply to any suspicious email, no matter how enticing. And don’t even think about clicking on a link in a suspicious email!
- Report to Authorities and Delete
Report phishing emails to the Federal Trade Commission at www.ftc.gov/complaint and to the Anti-Phishing Working Group at [email protected]. Forward tax-related emails to the IRS at [email protected]. After reporting, delete the original email.
Need more protection and detection help? The IRS has it for you here – https://www.irs.gov/businesses/small-businesses-self-employed/tax-scams-how-to-report-them and the Federal Trade Commission has more for you here – https://reportfraud.ftc.gov/#/?pid=A.
I hadn’t quite decided on this week’s blog topic when I saw an e-mail snagged in my spam folder. The sender was “IRS”. The heading was “Second Notice of Delinquent Taxes”. What a gift! A blog topic!
Like many taxpayers who receive a message from the “IRS” dunning them for cash, I knew that I didn’t owe the IRS anything. Thankfully, I knew better than to open or reply to it. Keep reading to know how to identify phishing, and what to do when it happens to you.
1. What is phishing?
Phishing is a scam usually done through unsolicited email and/or websites that pose as legitimate senders or sites. Scammers use phishing to lure unsuspecting victims to provide personal and financial information. Bogus emails can appear to come from the IRS or your tax professional requesting information, including mother’s maiden name, passport and account information that is used to steal your identity and assets.
- How do I know if it’s phishing or really the IRS?
The easiest way to check for phishing is to place your cursor over the sender’s name, revealing the sender’s e-mail address. An address that doesn’t look legitimate is probably a scam. For the IRS, anything other than “irs.gov” is suspect. The IRS doesn’t initiate contact with taxpayers by email, texts or social media to request money or financial information. Most IRS communication is still through the good, old-fashioned USPS.
- What should I do with a phishing e-mail claiming to be from the IRS?
If you receive an email claiming to be from the IRS that contains a request for delinquent tax balances or financial information, immediately do the following:
- Don’t reply.
- Don’t open any attachments. They can contain malicious code that may infect your computer or mobile phone.
- Don’t click on any links. Visit the IRS’ identity protection page if you clicked on links in a suspicious email or website and entered confidential information.
- Forward the email as-is to the IRS at [email protected].
- Delete the original email.
Don’t get phished! When you get an e-mail that looks suspicious or is from an unfamiliar sender, stop and check it out before deciding to open it. If it’s phishing for your tax dollars, don’t even think about opening it! Just forward to [email protected] and delete!