IRS Scams: Don't Get Phished!

Tax Day Brings Out the Scammers Every Year!

Be Vigilant! Do Not Fall for an IRS Hoax

Happy Tax Day!  Tax Time always seems to bring out the Scammers.  They inundate unsuspecting victims with e-mails, claiming to be from the IRS, in an attempt to steal your money, your identity, or both.  Most entice you to open an attachment or click on a link.  Doing either will only fill your system with malware.

All of the images in this post are examples of fake IRS e-mails.  As you can see, there are several different scams they try to get you with.  A common scam involves informing you you have a refund coming (see first image above.)  In order to claim the refund, you either have to open an attachment or click on a link.  DON'T DO IT.  If you hover your mouse over the ink, you will see it does NOT take you to the IRS site.  (Remember, it is IRS.gov, NOT IRS.com, IRSPay.com, or any other variation including the letters IRS.)

The second image is an example of an attachment scam.  The attachment purports to be an HTML web page; usually it is not.  More likely, the attachment is an EXE file (an executable application,) or a JAR file (a Java app.)  The attachment can contain a keylogger, ransomware, or data-stealing bots.  You WILL compromise your personal information if you open such an attachment.

Another type of scam e-mail warns you of issues with your IRS Account.  It may tell you your account is locked, or it may say you have missing information.  It may come addressed to "Dear Tax Payer," or it may actually use your name.  Either way, it's likely phony.

Most likely, you will receive few e-mails from the IRS.  If the IRS wants to get in touch with you, they will do so via US Mail.  If you have a real IRS issue, you will most likely be contacted via Registered or Certified mail.  You will NEVER be asked to open an attachment.  Also, the IRS will NEVER ask you for personal information, social security numbers, or passwords via e-mail.  They will NEVER embed a form in an e-mail.  If you get an e-mail like any on this page, the best thing to do is delete it and go on with your day.

Look for the following signs in ANY e-mail purporting to be from the IRS:

• Is it addressed to you BY NAME, with your CORRECT Social Security Number (or EIN for businesses)?  Or does it say Dear Sir, Dear Madam, or Dear Taxpayer?  ANY legitimate IRS communication will contain your FULL name and Taxpayer Identification Number.
• Does it ask you to scan and return documents?  Ask for username or password information?  Ask you to verify your Taxpayer ID?  If it does any of these things, it's a fake.
• Does it ask you to complete an embedded form?  Does it ask you to click on a link?  The IRS will direct you to log into IRS.gov, then follow a series of steps to reach an asset.  It will NEVER ask you to click on a shortened link, or to "click here" if it is really from the IRS.
• Does it say "See attachment?"  The IRS will NEVER send an attachment to an e-mail; they will send it via old-fashioned snail mail.
• Does it include ANY URL NOT associated with IRS.gov?  If it comes from, or leads to any variation, like IRS.com, it's a scam.
• Does the e-mail threaten you with  with lawsuits, imprisonment or other enforcement action?  The IRS will NEVER issue such threats, nor will they ask for payment via Bitcoin, Western Union, or Gift Card.

What If I've Already Clicked?

The FIRST thing to do is disconnect from the Internet and run a FULL malware scan on your computer.  You may need to disable Wi-fi.  On Windows 10, go into settings, then network, then wi-fi, and click the slider to "off."  Some PCs include a button to toggle wi-fi on and off.

Next, contact the credit bureaus and put a fraud alert on your account.  Alert your bank, financial institutions, and credit card companies.  Let them know you are afraid you have been a victim of identity theft.  Monitor your credit report for signs of accounts being opened in your name.

Next, visit the FTC.  File a complaint at https://www.identitytheft.gov/.

The IRS has a good reference on what to do at https://www.irs.gov/individuals/identity-protection.  If you are afraid you've been a victim of Tax-Related Identity Theft, contact the IRS for assistance at 1-800-908-4490. They DO have teams available to assist.

If your SSN is compromised and you suspect you are a victim of tax-related identity theft, the IRS recommends these additional steps:

• Respond immediately to any IRS notice; call the number provided.
• Complete IRS Form 14039, Identity Theft Affidavit, if your efiled return rejects because of a duplicate filing under your SSN or you are instructed to do so. Use a fillable form at IRS.gov, print, then attach the form to your return and mail according to instructions

Protect Yourself

Of course, the BEST thing to do is protect yourself from the beginning.  Turn on junk mail filtering in whatever e-mail application you use.  Junk mail filters will catch 90% of these phishing e-mails.  However, do not assume just because it winds up in your inbox instead of your spam folder that a mail is legit.  ALWAYS hover your mouse over any link before clicking to see where it goes.  Double check "from" address.  Hit the "reply" key to see where a reply to that e-mail would actually go. Chances are it is NOT to someone@IRS.gov, but rather, to different domain.  This should raise another red flag.

NEVER assume any attachment is safe.  Even zip folders can contain malware.  Be on the lookout for double file extensions (like doc.pdf.exe or image.jpg.jar.)  NEVER open ANY attachment ending in .js, .jar, or .exe.  When in doubt, pick up the phone and call.  (This is a good rule of thumb for ANY unexpected e-mail with an attachment or embedded form,.)  And be aware the scammers KNOW the word "IRS" tends to invoke panic.  Do not let that panic lead to a click.

Have You Been Phished?

I have received hundreds of these fake e-mails myself.  Luckily, I have not fallen for a single one.  Have you been caught by a phishing e-mail?  Had a close call?  Share your own experiences in the comments section.