Taxpayer Beware: Email Phishing Scams
The IRS reported a surge in phishing scams during the 2018 tax season. Phishing schemes are designed by cyber criminals who attempt to lure unsuspecting victims into revealing their personal and financial information, usually through unsolicited emails. You can avoid becoming a victim of fraud if you know what to look for.
Key Takeaways
- Phishing emails often direct you to fake websites mimicking legitimate businesses to steal your personal and financial info.
- IRS-related phishing emails might use incorrect web addresses like "IRSgov" without a dot and falsely claim you need to update your account.
- Don't respond to or click on links in suspicious emails; instead, forward them to the IRS at phishing@irs.gov and delete them.
- Report any monetary losses from phishing scams to the Treasury Inspector General for Tax Administration and the Federal Trade Commission.
How Email Phishing Works
Phishing emails usually contain messages directing the recipient to a “spoof website”—a bogus version of a legitimate business' website. The messages often appear to be from an organization that the recipient is associated with financially, such as a bank or the Internal Revenue Service.
For example, you might be asked to click on a link to confirm your identity or update your information. But the sender’s goal is to steal your personal or financial information, including passwords, Social Security number and credit card data, and use it to commit fraud. Phishing emails may also contain attachments that embed malicious software and can harm your computer.
How to Detect IRS-Related Phishing Emails
A tax-related phishing email often mentions "IRSgov,” instructing you to update your IRS online account right away. The most telling sign that it’s a scam is the missing dot between “IRS” and “gov" in the web address.
Other phishing emails can state that:
- You qualify for a refund, but you must click on a link and fill out a form to access it.
- Your credit card funds were fraudulently used by someone else, but you can recover some of the money by visiting the included website.
- You will get a large sum in lottery winnings, a tax refund or an inheritance if you provide your personal and financial information.
Remember, the IRS will never contact you via phone, email, fax or social media to request personal or financial data or demand immediate payment. If you’re unsure whether a mailed notice is genuinely from the IRS, call the agency to find out.
TurboTax Tip:
Be wary of emails with generic salutations, poor grammar, and mismatched web addresses, as these are common signs of phishing attempts.
How to Handle Tax Phishing Scams
If you receive a suspicious email claiming to be from the IRS:
- Do not respond or click on any links or open any attachments.
- Forward the email in its original form to the IRS at phishing@irs.gov.
- Delete the email from your inbox and trash folder.
- Report suspicious phone calls, faxes, text messages and mailed letters to phishing@irs.gov.
- Report monetary losses to the Treasury Inspector General for Tax Administration (TIGTA) and the Federal Trade Commission websites.
How to Spot Other Phishing Attacks
Phishing scams are a threat to consumers in general, so keep an eye out for attacks unrelated to the IRS. Be suspicious of emails stating that you will lose something—such as your bank account or email account—if you don’t respond or click on the stated link immediately. Signs of phishing schemes that imitate well-known businesses can contain:
- Generic email salutations, such as "Dear valued customer," instead of your name.
- Poor grammar or spelling errors.
- Conflicting web addresses: Place your mouse over the link to see if the URL matches the typed web address in the message. If it doesn’t, it’s likely a scam. Avoid clicking the link.
- Web addresses that resemble those of prominent businesses, but are slightly different.
- For example, the URL of a spoof site mimicking PayPal.com may begin with "http" instead of "https."
- Or the web address may be something like "secure-paypal.com" instead of PayPal's actual URL.
- Report non-IRS phishing scheme to the FTC.
Learn more about how to spot scams and where to report them here, https://www.irs.gov/uac/Report-Phishing.
With TurboTax Live Full Service, a local expert matched to your unique situation will do your taxes for you start to finish. Or, get unlimited help and advice from tax experts while you do your taxes with TurboTax Live Assisted.
And if you want to file your own taxes, TurboTax will guide you step by step so you can feel confident they'll be done right. No matter which way you file, we guarantee 100% accuracy and your maximum refund.