IRS tax season phishing scam

Avoid the Dangerous IRS Phishing Scams During Tax Season

It’s tax season once again, when scammers start working overtime to deceive unwitting taxpayers into giving away personal information or sending in money for phony tax preparation services, or even payments for state and federal taxes.

Email security tools have become so effective in recent years that the hackers now seek new ways to target users through web browsers. Such browser-based phishing attacks take various forms including malicious advertising, browser extensions and pop-ups, imitation login pages or tech support scams. Don’t be fooled by these increasingly sophisticated phishing attacks launched by cybercriminals.

IRS tax season phishing scam
Here is an example of a malicious phishing site that encourages users to download a Chrome browser extension to help them file their taxes.

The Internal Revenue Service has issued a notice warning taxpayers to be extra vigilant this year. After years of declines, phishing scams increased by 60 percent in 2018. From January to October 2018, more than 2,000 tax-related scam incidents were reported to the IRS, including cases in which perpetrators impersonated a tax preparer or other legitimate person over email.

Phishing attacks generally use emails or malicious websites to solicit personal, tax or financial information by posing as a trustworthy organization. The most common way for cybercriminals to steal money, bank account log-ins, passwords, credit cards or Social Security numbers is simply by asking for them in a clever, underhanded way (otherwise known as social engineering).

The IRS recently published its annual Dirty Dozen List of prevalent tax scams and phishing attacks topped the list. One recent malware campaign used a variety of subject lines such as “IRS Important Notice” and “IRS Taxpayer Notice.” Some messages demanded a payment, while others threatened to seize the recipient’s tax refund. Scam emails can come not only from people pretending to be the IRS, but also from scammers impersonating TurboTax and other tax preparation companies.

A scam artist will take advantage of prior knowledge gained from online research and earlier attempts to masquerade as a legitimate source, including presenting the look and feel of authentic communications, such as using an official logo. These targeted messages can trick even the most cautious person into taking actions that may compromise sensitive data.

Some scams contain emails with hyperlinks that take users to a fake site. Other versions contain PDF attachments that may download malware or viruses. Scammers may also try to create a false sense of urgency and panic to make you think your account needs updating or you won’t get a refund unless you “CLICK HERE.” Don’t take the phishing bait – it’s best to approach any tax-related communications with caution and think before you act.

Taking Steps to Protect Against Tax Season Phishing Scams

First, be aware of any browser pop-ups that appear to be promotions or alerts from personal tax software, and even emails that look like they are from your HR team with attachments. Be careful to double-check all email addresses, links, and attachments.

If you receive a suspicious email, check for more specific details about the message sender, including the sender’s email address. You can do this by clicking on the arrow next to the sender on most email clients. You can also identify these schemes by spotting misspellings and examples of bad grammar.

Most importantly, don’t click on any tax-related emails that claim to contain sensitive information. Especially if it appears to be the first time someone from the IRS is trying to contact you. The IRS does not initiate contact with a taxpayer through email. If you see an email query from TurboTax or H&R Block go directly to the official website to check your account. Remember, these entities will generally not ask for sensitive information like a Social Security number via email.

To avoid getting scammed, it’s best to visit your tax software’s main webpage for direct customer support info and to input any personal data and social security numbers there, rather than responding immediately to the urgent support pop-up that most likely is a scam. The same goes for credential login pages – make sure to double-check the URL. It’s easy for scammers to make convincingly similar pages by using camouflaged links such as “” or even by inserting a number such as “0” for the letter “o”.

For business and government organizations, it’s essential to have the right security tools in place to detect these types of zero-hour phishing attacks in real-time. Employees accessing these sites via the corporate network can compromise more sensitive data than just their personal tax information. After all, employee training and awareness is important, but you can’t always expect your employees to think like the hackers.

Scroll to Top