Phishing scams involve fraudsters illegally trying to obtain sensitive personal information via email or direct message. In some cases, these phishing attempts are tax scams involving fraudulent IRS credentials. Learn more below. 

Phishing -- pronounced "fishing" -- is the attempt to information such as usernames, passwords, and credit card details (and sometimes, indirectly, money) by masquerading as a trustworthy entity in an electronic communication. Communications purporting to be from popular social websites, auction sites, banks, online payment processors, or IT administrators are commonly used to lure the unsuspecting public. Phishing e-mails may contain links to websites that are infected with malware. Phishing is typically carried out by e-mail spoofing or instant messaging and it often directs users to enter details at a fake website whose look and feel are almost identical to the legitimate one.

There have been a number of phishing scams utilizing look-a-like IRS website pages. These sites use cons such as “get your refund on your Visa and MasterCard” where unsuspecting individuals enter their name, address, date of birth, SSN, mother’s maiden name, credit card number, and even the 3-digit code on the back of the card. Another one that has made the rounds claimed there was a problem with their payment to the government’s electronic funds tax payment system (EFTPS). Others are just plain malicious and attempt to get individuals to open e-mails and go to websites where malware will download and infect your computer.

Increasingly, tax professionals are being targeted by identity thieves who are looking for real client data to better impersonate the taxpayer when filing fraudulent returns for refunds. One such phishing email emerged a few years ago purporting to be from a tax software education provider. It was seeking an unusual amount of sensitive preparer data that would enable the thieves to steal client information and file fraudulent tax returns. Tax professionals are reminded that legitimate businesses and organizations never ask for usernames, passwords or sensitive data via email. Nor should a preparer ever provide such sensitive information via email if asked.

Tax professionals need to be vigilant regarding emails where a non-client sender is requesting assistance related to IRS correspondence or where the sender wants the preparer to respond regarding the possibility of their becoming a new client. Thieves take time to craft personalized emails to entice tax professionals to open a link embedded in the email or open an attachment. During the Covid-19 pandemic when teleworking became prevalent, tax pros were especially vulnerable to spear phishing scams from thieves posing as potential clients.

Targets of phishing scams can help by forwarding phishing e-mail purportedly from the IRS to [email protected] For more information visit IRS.gov and search “phishing”.