The IRS is again warning taxpayers about phishing and smishing schemes as part of this year’s Dirty Dozen.
The “Dirty Dozen” is an annual list of common scams taxpayers may encounter. Many of these schemes peak during tax filing season as people prepare their returns or hire someone to help with their taxes. The schemes put taxpayers and tax professionals at risk of losing money, personal information, data, and more.
You can read about the first scam on the list this year—aggressive ERC grabs—here.
Phishing And Smishing
Phishing and smishing may sound fun (the 90s grunge fan in me immediately thinks of moshing), but they are far from it. These are fake communications posing as actual notices from legitimate organizations intended to trick you.
Specifically, phishing is a form of email sent by scammers who are impersonating the IRS or other legitimate organization. The email lures victims by pretending to have something of value—like a phony tax refund—or scaring them into believing that they must act immediately—like suggesting false criminal charges are imminent.
One recent example is a phony email claiming to come from the IRS with a subject line advising that it’s a notice of underreported income. The email may include an attachment or a link to a bogus web page meant to look like the IRS website with a “tax statement.” When you open the attachment or click on the link, you download malware to your computer. That can take over your computer’s hard drive, allowing someone remote access to your computer, including passwords and other information that can be used to commit identity theft.
Smishing is similar to phishing, but instead of email, scammers use a text or smartphone SMS message. Scammers often use intimidating language like, “Your account has now been put on hold,” or “Unusual Activity Report” with a bogus link to restore your account. Last fall, the IRS received reports of smishing lures like fake Covid relief opportunities, tax credit scams, or alleged help setting up an IRS online account. Again, scammers hope that you’ll click a link so that they can collect information from you or send malicious code to your phone.
“Email and text scams are relentless, and scammers frequently use tax season as a way of tricking people,” said IRS Commissioner Danny Werfel. “With people anxious to receive the latest information about a refund or other tax issue, scammers will regularly pose as the IRS, a state tax agency or others in the tax industry in emails and texts. People should be incredibly wary about unexpected messages like this that can be a trap, especially during filing season.”
The IRS reminds taxpayers that your first contact with the agency will tend to be through the mail. The IRS will never initiate contact with taxpayers by email, text, or social media regarding a bill or tax refund.
To protect yourself, if you receive any unsolicited communication claiming to be from the IRS via email or text:
- Don’t respond. Any engagement could put you at risk. Remember, this is how scammers make a living—their goal is to persuade you to give up your information, so don’t give them an additional opportunity.
- Don’t open attachments. Even if they look harmless, they can contain malicious code that may infect your computer or mobile phone.
- Don’t click on links. Visit the IRS identity protection page if you clicked on links in a suspicious email or website and entered confidential information.
- Forward the text or email, preferably with the full email headers, to email@example.com. Send the whole email and not a scan (simply forwarding scanned images removes valuable information). The IRS also asks that you include the sender’s contact information (email or phone number), date, time and time zone, and the number that received the message.
- Delete the original email or text.
The Federal Communications Commission has a Smartphone Security Checker that provides useful tips. It features best practices on how to set pins and passwords, where to find security apps, how to enable remote locating and data wiping, and how to back up and secure your data if your device is lost or stolen. There is also information on how to safely use public Wi-Fi networks and what steps to take if your phone is stolen.
Report Bad Actors
As part of the Dirty Dozen awareness effort, the IRS encourages you to report scams to the Treasury Inspector General for Tax Administration or the Internet Crime Complaint Center. The agency also advocates reporting individuals who promote improper and abusive tax schemes as well as tax return preparers who deliberately prepare improper returns. To report an abusive tax scheme or a tax return preparer, file Form 14242, Report Suspected Abusive Tax Promotions or Preparers, with any supporting evidence to the IRS Lead Development Center in the Office of Promoter Investigations.