Tax Notes logo

Unsolicited Emails, Texts May Be From Identity Thieves, IRS Warns

DEC. 1, 2023

IR-2023-229

DATED DEC. 1, 2023
DOCUMENT ATTRIBUTES
Citations: IR-2023-229

National Tax Security Awareness Week, Day 5: As tax season approaches, IRS, Security Summit partners warn taxpayers, tax professionals to watch out for emerging scams by email, text, phone

Dec. 1, 2023

WASHINGTON — To wrap up National Tax Security Awareness Week, the Internal Revenue Service and the Security Summit partners today reminded taxpayers and tax professionals to stay alert against emerging scams during the upcoming filing season and throughout the year.

With identity thieves constantly changing tactics to try to steal information from taxpayers and businesses, the Security Summit partners remind people to watch out for a variety of aggressive schemes that can surface on email, by text, over the phone or through the mail.

These threats are present year-round, but the approach of tax season means that identity thieves will intensify efforts trying to impersonate the IRS and others involved in tax and financial work to get sensitive information.

Identity thieves also use recent news events, including tragedies, to try tricking taxpayers. And in another common tax season scam, identity thieves will pose as new, potential clients to tax professionals by email or over the phone in hopes of obtaining access to company systems. Ultimately, successful attempts to get this information means fraudsters can try filing fake tax returns with a goal of getting a refund.

“Identity thieves are relentless and use a variety of techniques. As Tax Security Awareness Week concludes, we urge people to be careful with their personal information and be wary of email and text scams," said IRS Commissioner Danny Werfel. "With people anxious to receive the latest information about a refund or other issues during tax season, scammers will regularly pose as the IRS, a state tax agency or others in the tax industry. People should be incredibly wary about unexpected messages that can be an elaborate trap by scam artists, especially during filing season."

During National Tax Security Awareness Week, now in its eighth year, the Security Summit partnership of the IRS, state tax agencies and the nation's tax community work to raise awareness among taxpayers, tax professionals and the business community about the importance of safeguarding information to protect against identity theft. The Security Summit formed in 2015 to combat tax-related identity theft through better public-private sector coordination as well as strengthening internal protections in the tax community and raising public awareness about security threats.

With the tax season fast approaching, the Security Summit partners remind taxpayers and others to take extra steps to protect their financial and tax information. As the IRS and the Summit partners have strengthened their internal defenses in recent years to protect against fraud, identity thieves have increasingly focused on more elaborate ways to obtain sensitive taxpayer information in hopes of evading systemic defenses by the IRS and the Summit partners in tax community.

In this final installment of the National Tax Security Week Awareness series, the Summit partners urged taxpayers and tax professionals to be alert to fake communications posing as legitimate organizations in the tax and financial community, including the IRS and states. These messages can arrive in many ways, including an unsolicited text or email to lure unsuspecting victims to provide valuable personal and financial information that can lead to identity theft. These include:

  • Phishing is an email sent by fraudsters claiming to come from the IRS or another legitimate organization, including state tax organizations or a financial firm. The email lures the victims into the scam by a variety of ruses such as enticing victims with a phony tax refund or frightening them with false legal/criminal charges for tax fraud.

  • Smishing is a text or smartphone SMS message that uses the same technique as phishing. Scammers often use alarming language like, "Your account has now been put on hold," or "Unusual Activity Report" with a bogus "Solutions" link to restore the recipient's account. Unexpected tax refunds are another potential target for scam artists.

The IRS initiates most contacts through regular mail, which means taxpayers shouldn't be getting an unexpected message by email, text or social media regarding a bill or tax refund.

The Summit partners remind taxpayers and others never to click on any unsolicited communication claiming to be the IRS or others because it may surreptitiously load malware. It may also be a way for malicious hackers to load ransomware that keeps the legitimate user from accessing their system and files.

Individuals should never respond to tax-related phishing or smishing or click on the URL link. Instead, the scams should be reported by sending the email or a copy of the text/SMS as an attachment to phishing@irs.gov.

Taxpayers can also report scams to the Treasury Inspector General for Tax Administration or the Internet Crime Complaint Center. The Report Phishing and Online Scams page at IRS.gov provides complete details. The Federal Communications Commission's Smartphone Security Checker is a useful tool against mobile security threats.

The IRS also warns taxpayers to be wary of messages that appear to be from friends or family but are possibly stolen or compromised email or text accounts from someone they know. This remains a popular way to target individuals and tax preparers for a variety of scams. Individuals should verify the identity of the sender by using another communication method; for instance, calling a number they independently know to be accurate, not the number provided in the email or text.

Signs that a scam may be underway

Taxpayers should watch for a number of tell-tale signs that could be an indication that they have been a victim of identity theft or a tax scam. Among some of the signs are:

  • Taxpayers receiving a tax transcript in the mail from the IRS that was not ordered.

  • Taxpayers receiving an unrequested Employer Identification Number.

  • Taxpayers receiving W-2's from an unknown employer.

  • Taxpayers unexpectedly getting a notice or an email from a tax preparation company that is:

    • Confirming access to an existing online account.

    • Disabling an existing online account.

    • Confirming a new online account.

  • Getting a letter from the IRS during a year that the taxpayer didn't earn income or a tax return hadn't been filed. In this situation, it's possible an identity thief has submitted a tax return in the honest taxpayer's name. In this situation, where the taxpayer didn't earn money or file a return, the warning sign is a letter showing:

    • Additional tax is owed.

    • A refund was offset because of a balance due.

    • Collection actions have been taken.

Generally, the IRS starts with a mailed paper bill to a person who owes taxes. If a taxpayer wants to verify what taxes they owe the IRS, they should view tax account information. But they should not click on links in email or texts saying they owe a bill.

Protect against becoming a victim, again

Taxpayers who believe they're victims of tax-related identity theft — and who have not received an IRS letter alerting them to ID theft — should complete Form 14039, Identity Theft Affidavit.

The IRS will work to verify the legitimate taxpayer, clear the fraudulent return from their account and generally place a special marker on the account that will generate an IP PIN each year for the taxpayer who is a confirmed identity theft victim. This ensures that the criminal does not come back in the future claiming to be the victim and trying to commit the fraud yet again.

In most tax-related identity theft cases, there is no need for taxpayers to file Form 14039, Identity Theft Affidavit. That's because the IRS identifies a suspicious tax return based on hundreds of processing filters and pulls the suspicious return for review. The IRS will send a letter to the taxpayer and will not process the tax return until hearing back from the taxpayer.

Help for taxpayers: Get an IRS Identity Protection PIN

An IP PIN protects a taxpayer's account, even if they don't need to file a tax return, by rejecting any e-filed tax return filed not using the unique PIN. New IP PINs are sent automatically from the IRS every year for added security. Once an individual enrolls in the IP PIN program, there is no way to opt-out. To obtain an IP PIN, taxpayers can visit the IRS online tool Get an IP PIN.

Create a personal IRS account online directly with the IRS

Taxpayers can create an IRS Online Account before scammers can use their stolen personal information to create one first. An IRS Online Account usually only takes five to 10 minutes to set up. Once an account is created, scammers can't create a fraudulent one for the same person.

Reporting scams and tax fraud

Taxpayers should report suspicious IRS, Treasury or tax-related online or email phishing scams to phishing@irs.gov. They should not click on any links, open attachments or reply to the sender.

If taxpayers receive an IRS-related phone call, but do not owe taxes, they should hang up immediately and contact the Treasury Inspector General for Tax Administration to report the IRS impersonation scam call. The caller ID and callback number can be reported to phishing@irs.gov with the subject line of “IRS Phone Scam.”

More resources

DOCUMENT ATTRIBUTES
Copy RID