Phishing and Other Schemes Using the IRS Name
The IRS periodically alerts taxpayers to schemes that fraudulently use the IRS name, logo or Web site clone to to gain access to consumers’ financial information in order to steal their identity and assets.
The scams may take place through e-mail, fax or phone. When they take place via e-mail, they are called “phishing” scams. The IRS website has information that can help you protect yourself from tax scams of all kinds. Search the site using the term: phishing.
The following is a list of known schemes:
- The IRS warns consumers about a new tax scam that uses a website that mimics the IRS e-Services online registration page. The actual IRS e-Services page offers web-based products for tax preparers, not the general public. The phony web page looks almost identical to the real one. The IRS gets many reports of fake websites like this. Criminals use these sites to lure people into providing personal and financial information that may be used to steal the victim’s money or identity. The address of the official IRS website is www.irs.gov. Don’t be misled by sites claiming to be the IRS but ending in .com, .net, .org or other designations instead of .gov. [Added October 2012]
- A combination email and text message phishing scam that appears to be from the IRS lures people to a malicious website. The false message informs recipients that a federal tax transaction recently initiated from their checking account was "rejected by the Electronic Federal Tax Payment System." The scammer's true email address is masked as a legitimate IRS account (email@example.com). Do not fall for this scam – the IRS does not initiate contact with taxpayers by email or social media to request personal or financial information. [Added August 2012]
- A 2012 phishing scam involves a bogus email informing recipients that they will be penalized up to $10,000 for failing to a tax return on time. The scam references a false deadline of January 31, 2012 and Section 6038 and can include the subject line, "Penalty for not filing tax return on time." The email directs taxpayers to a phony web site that appears to be the official IRS site. Taxpayers who click on the email link are taken to a phony site and asked to provide personal or financial information that can be used by scammers and identity thieves. The alleged penalty and the deadline are both fictitious. The tax deadline for 2012 is April 17, 2012. The IRS does not initiate contact with taxpayers by email or any social media tools to request personal or financial information. [Added February 2012]
- A malicious e-mail, which claims to come from the IRS Tax Forums, requests that recipients register for this event for tax professionals by using an attached registration form. This is not a legitimate request from the IRS. The email contains a malicious attachment and a malicious URL. Do not open the attachment or click on the links provided in the email. The IRS does not send registration forms by e-mail but makes them available instead on the Nationwide Tax Forums Website. If you receive this email please forward it to firstname.lastname@example.org and then delete the email. [Added July 2011]
- This phishing e-mail, which claims to come from the IRS, references the president and the Making Work Pay provision of the 2009 economic recovery law. It says that there is a refundable credit available to workers, consumers and retirees that can be paid into the recipient’s bank account if the recipient registers their account information with the IRS. The e-mail contains links to register the account and to claim the tax refund. In reality, most taxpayers receive their Making Work Pay tax credit, which was designed for wage earners, in their paychecks as a result of decreased tax withholding, not as a lump sum distribution from a federal fund. Additionally, consumers and retirees who are not wage earners are not eligible for this tax credit. [Added October 2009]
- In this phishing scheme, recipients receive an e-mail claiming to come from the U.S. Department of the Treasury notifying them that they will receive millions of dollars in recovered funds or lottery winnings or cash consignment if they provide certain personal information, including phone numbers, via return e-mail. The e-mail may be just the first step in a multi-step scheme, in which the victim is later contacted by telephone or further e-mail and instructed to deposit taxes on the funds or winnings before they can receive any of it. Alternatively, they may be sent a phony check of the funds or winnings and told to deposit it but pay 10 percent in taxes or fees. Thinking that the check must have cleared the bank and is genuine, some people comply. However, the scammers, not the Treasury Department, will get the taxes or fees. [Added October 2009]
- In a new scam, both a form and cover letter, supposedly from the IRS, are faxed to people with instructions to fax the completed form back to the number contained in the form. The letter says that the IRS requires an update of the recipient's tax information and promises to deposit a nominal tax refund to the recipient's bank account in return. The form is a "substitute and recertification" Form 1040, titled "Certificate of Current Status of Beneficial Owner For United States Tax Recertification & Withholding." The form requests detailed personal and financial information, such as mother's maiden name and bank account and PIN numbers, that can be used to steal the identity and access the bank accounts of anyone who responds to this scam. In reality, there is no such form and the IRS does not ask taxpayers to provide the type of information specified on the form. [Added June 2008]
- Some people have received phone calls about the economic stimulus payments, in which the caller impersonates an IRS employee. The caller asks the taxpayer for their Social Security and bank account numbers, claiming that the IRS needs the information to complete the processing of the taxpayer's stimulus payment. In reality, the IRS uses the information contained on the taxpayer's tax return to process stimulus payments, rather than contacting taxpayers by phone or e-mail. [Added April 2008]
- An e-mail claiming to come from the IRS about the "2008 Economic Stimulus Refund" tell recipients to click on a link to fill out a form, apparently for direct deposit of the payment into their bank account. This appears to be an identity theft scheme to obtain recipients' personal and financial information so the scammers can clean out their victims' financial accounts. In reality, taxpayers do not have to fill out a separate form to get a stimulus payment or have it directly deposited; all they had to do was file a tax return and include direct deposit information on the return. [Added April 2008]
- A scheme in which a tax refund form is e-mailed, supposedly by the Taxpayer Advocate Service (a genuine and independent organization within the IRS which assists taxpayers with unresolved problems), is particularly blatant in the amount and type of information it requests. The top of the form tells the recipient that they are eligible for a tax refund for a specified amount. The form asks for name, address and phone number and a substantial amount of financial information, such as bank account number, credit card number and expiration date, ATM PIN number and more. It also asks for mother's maiden name (frequently used by many people as an account security password). At the bottom is a phony name and signature, claiming to be that of the Taxpayer Advocate. The implication is that the taxpayer must fill in and submit the form to receive a tax refund. In reality, taxpayers claim their tax refunds through the filing of an annual tax return, not a separate application form. [Added April 2008]
- A new variation of the refund scheme (see items below) is directed toward organizations that distribute funds to other organizations or individuals. In an attempt to seem legitimate, the scam e-mail claims to be sent by, and contains the name and supposed signature of, the Director of the IRS Exempt Organizations area of the IRS. The e-mail asks recipients to click on a link to access a form for a tax refund. In reality, taxpayers claim their tax refunds through the filing of an annual tax return, not a separate application form.
- In a variation, an e-mail scam claims to come from the IRS and the Taxpayer Advocate Service (a genuine and independent organization within the IRS whose employees assist taxpayers with unresolved tax problems). The e-mail says that the recipient is eligible for a tax refund and directs the recipient to click on a link that leads to a fake IRS Web site.
- A scam e-mail that appears to be a solicitation from the IRS and the U.S. government for charitable contributions to victims of the recent Southern California wildfires has been making the rounds. A link in the e-mail, when clicked, sends the e-mail recipients to a Web site that looks like the IRS Web site, but isn't. They are then directed to click on a link that opens a donation form that asks for personal and financial information. The scammers can use that information to gain access to the e-mail recipients' financial accounts.
- A recent e-mail scam tells taxpayers that the IRS has calculated their "fiscal activity" and that they are eligible to receive a tax refund of a certain amount. Taxpayers receive a page of, or are sent to, a Web site (titled "Get Your Tax Refund!") that copies the appearance of the genuine "Where's My Refund?" interactive page on the genuine IRS Web site. Like the real "Where's My Refund?" page, taxpayers are asked to enter their SSNs and filing status. However, the phony Web page asks taxpayers to enter their credit card account numbers instead of the exact amount of refund as shown on their tax return, as the real "Where's My Refund?" page does.
- In a new phishing scam, an e-mail purporting to come from the IRS advises taxpayers they can receive $80 by filling out an online customer satisfaction survey. In addition to standard customer satisfaction survey questions, the survey requests the name and phone number of the participant and also asks for credit card information.
- In another recent scam, consumers have received a "Tax Avoidance Investigation" e-mail claiming to come from the IRS' "Fraud Department" in which the recipient is asked to complete an "investigation form," for which there is a link contained in the e-mail, because of possible fraud that the recipient committed. It is believed that clicking on the link may activate a Trojan Horse.
- An e-mail scheme claiming to come from the IRS's Criminal Investigation division tells the recipient that they are under a criminal probe for submitting a false tax return to the California Franchise Board. The e-mail seeks to entice people to click on a link or open an attachment to learn more information about the complaint against them. The e-mail link and attachment contain a Trojan Horse that can take over the person’s computer hard drive and allow someone to have remote access to the computer.
- Another scheme suggests that a customer has filed a complaint against a company, of which the e-mail recipient is a member, and that the IRS can act as an arbitrator. This appears to be aimed at business as well as individual taxpayers.
- One e-mail scam, fraught with grammatical errors and typos, looks like a page from the IRS Web site and claims to be from the "IRS Antifraud Comission" (sic), a fictitious group. The e-mail claims someone has enrolled the taxpayer's credit card in EFTPS and has tried to pay taxes with it. The e-mail also says there have been fraud attempts involving the taxpayer's bank account. The e-mail claims money was lost and "remaining founds" (sic) are blocked. Recipients are asked to click on a link that will help them recover their funds, but the subsequent site asks for personal information that the thieves could use to steal the taxpayer’s identity.
- E-mails claiming to come from email@example.com, firstname.lastname@example.org and similar variations told the recipients that they were eligible to receive a tax refund for a given amount. It directed recipients to claim the refund by using a link contained in the e-mail which sent the recipient to a Web site. The site, a copy of the IRS Web site, displayed an interactive page similar to a genuine IRS one; however, it had been modified to ask for personal and financial information that the genuine IRS interactive page does not require.The Treasury Inspector General for Tax Administration (TIGTA) has found numerous separate Web sites in at least 20 different countries hosting variations on this scheme.
- A bogus IRS letter and Form W-8BEN (Certificate of Foreign Status of Beneficial Owner for United States Tax Withholding) asked non-residents to provide personal information such as account numbers, PINs, mother’s maiden name and passport number. The legitimate IRS Form W-8BEN, which is used by financial institutions to establish appropriate tax withholding for foreign individuals, does not ask for any of this information.
Return to Suspicious e-Mails and Identity Theft.