April 2023 Foodman Website
Phishing and Smishing scams phishing y smishing

On 3/21/23, day two of the annual Dirty Dozen tax scams campaign, the IRS issued  a Phishing and Smishing warning to taxpayers to remain vigilant against email and text scams aimed at tricking taxpayers about refunds or tax issues. The Phishing and Smishing alert appeared on the IRS 2022 Dirty Dozen as well which includes texts, emails, and posts online to gain trust or steal a taxpayer’s identity, personal financial information, and money.  The IRS continues to see scams that seek to get a taxpayer to provide sensitive personal financial information, money, or other information with the purpose of filing a false tax return or tapping into the taxpayer’s financial accounts.  The tactics most often used to steal a Taxpayer’s identity and/or tap into the taxpayer’s account accounts involve:  Email scams (Phishing) and text message scams (Smishing).

Taxpayers should NOT click links or open attachments in unsolicited, suspicious, or unexpected text messages or emails whether from the IRS, state tax agencies or others in the tax community. Taxpayers should also be aware that fake actors can “fake” caller ID numbers to appear to be anywhere in the country, including from an IRS office.

“Email and text scams are relentless, and scammers frequently use tax season as a way of tricking people,” said IRS Commissioner Danny Werfel. “With people anxious to receive the latest information about a refund or other tax issue, scammers will regularly pose as the IRS, a state tax agency or others in the tax industry in emails and texts. People should be incredibly wary about unexpected messages like this that can be a trap, especially during filing season.”

IRS warns to avoid getting hooked by Phishing or Smishing

Taxpayers and tax professionals should be alert to fake communications posing as coming from legitimate organizations in the tax and financial community, including the IRS and states. These messages arrive in the form of an unsolicited text or email to lure unsuspecting victims to provide valuable personal and financial information that can lead to identity theft. There are two main types:

  • Phishing:  is an email sent by fraudsters claiming to come from the IRS or another legitimate organization, including state tax organizations or a financial firm. The email lures the victims into the scam by a variety of ruses such as enticing victims with a phony tax refund or frightening them with false legal/criminal charges for tax fraud.
  • Smishing: is a text or smartphone SMS message that uses the same technique as phishing. Scammers often use alarming language like, “Your account has now been put on hold,” or “Unusual Activity Report” with a bogus “Solutions” link to restore the recipient’s account. Unexpected tax refunds are another potential target for scam artists.

Taxpayers ought to remember that:

  • The IRS initiates most contacts through regular mail and will never initiate contact with taxpayers by email, text or social media regarding a bill or tax refund.
  • Never click on any unsolicited communication claiming to be the IRS as it may surreptitiously load malware. It may also be a way for malicious hackers to load ransomware that keeps the legitimate user from accessing their system and files.
  • Never respond to tax-related phishing or smishing or click on the URL link. Instead, the scams should be reported by sending the email or a copy of the text/SMS as an attachment to phishing@irs.gov. The report should include the caller ID (email or phone number), date, time and time zone, and the number that received the message.
  • Be wary of messages that appear to be from friends or family but that are possibly stolen or compromised email or text accounts from someone they know. This remains a popular way to target individuals and tax preparers for a variety of scams. Individuals should verify the identity of the sender by using another communication method; for instance, calling a number they independently know to be accurate, not the number provided in the email or text.