How to Forward the Header of a Phishing Email

It is important that the original communication you received is included, as well as Internet headers. The following instructions will assist you in forwarding a phishing communication to us at

If you receive an email or find a website you think is claiming to be the IRS

  1. Do not reply.
  2. Do not open any attachments. Attachments may contain malicious code that will infect your computer.
  3. Do not click on any links. If you clicked on links in a suspicious email or phishing website and entered confidential information, visit our identity protection page.

Report email claiming to be from the IRS or bogus IRS websites to us by using the following steps

  1. Forward the email or the URL of the website to the IRS at
  2. You can forward the email message as received or provide the Internet header of the e-mail. The Internet header has additional information to help us locate the sender.
  3. After you forward the email or header information to us, delete the message you received.

If the methods above do not work, at a minimum, please send the underlying link of the phishing website.

If the suspicious e-mail includes a file attachment, it is safer to simply highlight the message and forward it. Some configurations, especially in Windows environments, may allow the execution of arbitrary code upon opening and viewing a malicious email message.

The IRS can use the information, URLs and links in the suspicious e-mails you forward to trace the hosting website and alert authorities to help shut down the fraudulent sites.

Main phishing resource page

How to Report and Identify Phishing, E-mail Scams and Bogus IRS Web sites