How to forward the header of a phishing email

If you receive an email claiming to be from the IRS, Treasury, and/or is tax-related that you believe is suspicious:

  • Do not reply. If you reply the phisher may send you a follow-up email that contains a malicious URL and/or malicious attachment.
  • Do not click, save or open any attachments. Attachments may contain malicious code that will infect your computer.
  • Do not click on any links. If you clicked on a link in an IRS, Treasury or tax-related phishing email, and then entered your personal or financial information, please visit our identity protection page.

Please include the full email headers of the original communication that you received using one of the below methods:

If the above methods do not work, at a minimum, please send the underlying URL of the phishing website to phishing@irs.gov.

The raw text of the email and/or the URL of the website is preferred over screenshots.

The IRS uses the information you provide to alert service providers to help shut down the fraudulent sites, email addresses, etc.

Main phishing resource page

Report phishing and online scams