Consumers should protect themselves against online identity theft and other scams that increase during and linger after the filing season. Such scams may appropriate the name, logo, or other appurtenances of the IRS or U.S. Department of the Treasury to mislead taxpayers into believing the communication is legitimate.
Scams involving the impersonation of the IRS usually take the form of e-mails, tweets, or other online messages to consumers. Scammers may also use phones and faxes to reach intended victims. Some scammers set up phony Web sites.
Generally, the IRS does not send unsolicited e-mails to taxpayers. Further, the IRS does not discuss tax account information with taxpayers via e-mail or use e-mail to solicit sensitive financial and personal information from taxpayers. The IRS does not request financial account security information, such as PIN numbers, from taxpayers.
Most scams impersonating the IRS are identity theft schemes. In this type of scam, the scammer poses as a legitimate institution to trick consumers into revealing personal and financial information – such as passwords and Social Security, PIN, bank account and credit card numbers – that can be used to gain access to their bank, credit card, or other financial accounts.
Attempted identity theft scams that take place via e-mail are known as phishing. Other scams may try to persuade a victim to advance sums of money in the hope of realizing a larger gain. These are known as advance fee scams.
Most of the scams that impersonate the IRS are identity theft scams. Typically, a consumer will receive an e-mail that claims to come from the IRS or Treasury Department. The message will contain an enticing or intimidating subject line, such as “Tax Refund,” “Inherited Funds,” or “IRS Notice.” Usually, the message will state that the recipient needs to provide the IRS with information to obtain the refund or avoid some penalty. The message will instruct the consumer to open an attachment or click on a link in the e-mail. This may lead to an official-looking IRS Web site. The look-alike site will then contain a phony but genuine-looking online form or interactive application that requires personal and financial information, which the scammer then uses to commit identity theft.
Alternatively, the clicked link may secretly download malware to the consumer’s computer. Malware is malicious code that can take over the computer’s hard drive, giving the scammer remote access to the computer, or it could look for passwords and other information and send them to the scammer.
In many IRS-impersonation scams, the scammer sends the consumer to a phony Web site that mimics the appearance of the genuine IRS Web site, IRS.gov. This allows the scammer to steer victims to phony interactive forms or applications that appear genuine but require the targeted victim to enter personal and financial information that will be used to commit identity theft.
The official Web site for the Internal Revenue Service is IRS.gov, and all IRS.gov Web page addresses begin with http://www.irs.gov/.
In addition to Web sites established by scammers, there are commercial Internet sites that often resemble the authentic IRS site or contain some form of the IRS name in the address but end with a .com, .net, .org, or other designation instead of .gov. These sites have no connection to the IRS. Consumers may unknowingly visit these sites when searching the Internet to retrieve tax forms, publications, and other information from the IRS.
There are a number of scams that impersonate the IRS. Some of them appear with great frequency, particularly during and right after filing season, and recur annually. Others are new.
The contents of other IRS-impersonation scams vary but may claim that the recipient will be paid for participating in an online survey or is under investigation or audit. Some scam e-mails have referenced Recovery-related tax provisions, such as Making Work Pay, or solicited for charitable donations to victims of natural disasters. Taxpayers should beware an e-mail scam that references underreported income and the recipient’s “tax statement,” since clicking on a link or opening an attachment is known to download malware onto the recipient’s computer.
Many e-mail scams are fairly sophisticated and hard to detect. However, there are signs to watch for, such as an e-mail that:
Taxpayers who receive a suspicious e-mail claiming to come from the IRS should take the following steps:
If you’ve received an email claiming to be from the IRS, call us to talk it over before taking any action. We don’t want you to fall victim to a scam.