If/Then Scenarios for Taxpayers Who Get Phished

IRS Tax Tip 2018-98, June 26, 2018

The IRS reminds taxpayers that the agency does not initiate contact with taxpayers by email or text messages to request personal or financial information. This includes requests for PIN numbers, passwords or similar information for credit cards, banks and other financial accounts.

This is important for everyone to remember because thieves often pose as the IRS to get taxpayers to turn over personal information in a scam called phishing. Phishing is typically carried out through unsolicited emails or websites.

Here’s what a taxpayer should do if they see a suspicious communication from the IRS:

  • Email

    If someone receives an email claiming to be from the IRS that contains a request for personal information…
    Then the recipient should:
    • Not reply.
    • Not open any attachments. They can contain malicious code that may infect a computer or mobile phone.
    • Not click on any links.
    • Forward the email as-is to the IRS at phishing@irs.gov.
    • Delete the original email.
  • Website

    If someone discovers a website that claims to be the IRS but the user suspects it is bogus…
    Then they should:
    • Send an email with the URL of the suspicious site to phishing@irs.gov.
    • Include a subject line of “suspicious website.”
  • Text Message

    If someone receives an unsolicited text message claiming to be from the IRS…
    Then the recipient should:
    • Not reply.
    • Not open any attachments.
    • Not click on any links.
    • Forward the text as-is to the IRS at 202-552-1226. Standard text messaging rates apply.
    • If possible, in a separate text, forward the originating number to the agency at 202-552-1226.
    • Delete the original text.

If someone clicks on a link in a phishing email or text, or on a site they believe is bogus, they can visit the identity protection page for more information on steps to take to protect their information.

Subscribe to IRS Tax Tips