It’s become all too regular an occurrence for the Internal Revenue Service (IRS) to warn taxpayers of a new scam. Thousands of taxpaying citizens have lost millions of dollars through scams, with new schemes appearing as quickly as people can be made aware of them.
The solution? Taxpayers have to be aware of how the IRS will contact them and the information they will request of them, as well as the clear telltale signs of a scam before they are taken in by IRS email scams or paper-based scams.
How will the IRS contact you?
Though there are exceptions, the IRS initiates most of its communication via the United States Postal Service. For instance, the IRS may contact a home or business to discuss overdue bills or even make inspections. Even then, taxpayers generally receive several notices in the mail. If a communication from the IRS feels like a complete surprise and requires a response immediately, chances are the communication is a scam.
The IRS will never:
- Ask for personal information or financial records via email, text messages, or social media channels.
- Ask for PIN numbers, passwords, or similar access information for financial services using these methods.
How can I spot IRS email scams?
Scams vary in methods and can occur via physical mail, texts, email, or phone calls. Review the IRS tax scams and consumer alerts page for an updated list of scams.
Most email scams that claim to be from the IRS are identity theft schemes. The objective is to trick taxpayers into disclosing sensitive information such as PINs or Social Security numbers. Taxpayers should be on the lookout for:
- Pressure: Scammers often pair intimidating subject lines with a time-sensitive element to create pressure and confuse taxpayers, such as having only a few days to pay before the IRS takes retaliatory action. When time is a significant element of an IRS communication and feels unnecessarily punitive, then taxpayers should be wary.
- Bait: Scammers will also highlight an enticing offer, such as a tax refund, as bait for taxpayers. In those cases, the taxpayer wants to give their information to benefit from an offer. An easy way to check if you are actually entitled to a refund is to use the IRS where’s my refund tool.
- External links or attachments: IRS email scams often drive taxpayers to another site or form that looks official. Remember that an IRS site’s address should be http://www.irs.gov/ at the beginning, and anything that deviates from that should be approached with caution.
- Grammar: An easy way to spot IRS email scams or other social engineering schemes is to closely examine the spelling and grammar of the email or letter. This point rings especially true if the scam gets the name of the IRS or other federal agency names wrong. If there are any easy spelling or grammar mistakes, the message is almost certainly from a scammer.
What should I do if I receive a scam email?
The most important thing is to not click on any links or attachments or visit any external sites that the scam is pointing you toward. You could be opening something that contains malicious code that might infect your computer or device, potentially locking you out of your computer network.
Do not give any personal information to anyone if you feel the communication is potentially suspicious. Instead, forward the suspect’s email or URL address to the IRS mailbox phishing@irs.gov. You should also report any IRS-related phishing attempts and fraud to the Treasury Inspector General for Tax Administration or call them at 800-366-4484. Then, delete the email from your inbox (again, be careful not to click any links or attachments) and mark the message as spam in your email program.
As a reminder, if you are ever unsure of how to respond or whether the communication you have received is fraudulent, the IRS provides an updated list of recent scams, consumer alerts, and how to report them on its Tax scams/Consumer Alerts page.
Protecting against the inevitable
While taking appropriate actions against criminal activity will help taxpayers and their employers safeguard themselves against financial losses and identity theft, the reality is that scams can and do work. No individual or business is completely safe from the ever-expanding toolset criminals use today. When security has been breached, corporations need to invest in cyber or legal experts to navigate the fallout.
For accounting firms and CPAs, that situation makes Cybersecurity Insurance coverage a worthwhile investment. Contact McGowan Program Administrators for information on its cybercrime insurance packages. For instance, CPAOnePro℠ delivers professional liability solutions for public accounting firms, protecting them with broad network security and privacy coverage as well as other special features and coverages.
Our team has decades of experience protecting organizations from cybersecurity attacks such as IRS email scams. Contact us to learn more.
To learn more about staying compliant after a data breach, download our e-book: The 50 State eGuide to Data Breach Notification Laws.