Every year the IRS publishes there Dirty Dozen tax scams.  These are common scams that taxpayers face, but are most prevalent now during tax season.

Number two on the list is a scam called Phishing.  Phishing is a scam typically carried out with the help of unsolicited email or a fake website that poses as a legitimate site to lure in potential victims and prompt them to provide valuable personal and financial information.  The criminal now armed with this information can commit identity theft or financial theft.

An example of a Phishing email is one that appears to come from the IRS and states that “We identified an error in the calculation of your tax …. In order for us to return the excess payment click here.”

Other examples of IRS Phishing emails are:

Example One

Example Two

In this information age it might seem reasonable that the IRS would send emails to taxpayers.  But this is decidedly NOT TRUE.  The IRS does not initiate contact with taxpayers by email to request personal or financial information. This includes any type of electronic communication, such as text messages and social media channels.

The IRS will never request detailed personal information through email or send any communication requesting your PIN numbers, passwords or similar access information for credit cards, banks or other financial accounts.

Obviously, the best way to avoid the hardship caused by Phishing is to not allow yourself to get lured in – but what do you do if  you make a mistake?

Here is a list of initial action items:

  1. If you receive an unsolicited email that appears to be from either the IRS or an organization closely linked to the IRS report it by sending it to phishing@irs.gov.
  2. Request a Fraud Alert be placed on your credit report.  The alert will remain on your credit reports for 90 days. You only have to contact one of the three major credit reporting agencies to place an initial alert and it will notify the other two – like Equifax or Experian.
  3. Possibly request a Security Freeze on your credit report with the credit reporting agencies.
  4. You also need to request copies of your credit reports immediately and carefully review for unauthorized activity.
  5. Create an Identity Theft Report to the Federal Trade Commission.
  6. Tirelessly monitor progress on the ID Theft.  The FTC has important recommendations on how to do this.