Unfortunately, millions of people around the globe fall victim to a variety of different phishing scams and online scams.  And the most recent scam involves receiving an email from what seems to be the Internal Revenue Service. The IRS has begun to warn taxpayers throughout the United States to be on the lookout for emails with subject lines such as “Electronic Income Tax Reminder”.  These emails are sent from criminals who are impersonating the IRS in an attempt to deceive taxpayers into gaining access to their delicate tax and banking information.

It is important to remember that the Internal Revenue Service will not send you emails about your tax income refunds or sensitive tax information.  The IRS will typically send a notice through the U.S Postal Service. This is the standard contact method used by the IRS as they don’t typically initiate contact with an email or a phone call.  Phishing scams have got more and more sophisticated in recent years so it is important to always stay up-to-date with account protection methods.

How Does The New IRS Email Impersonation Scam Work?

Cybercriminal organizations have increased the level of sophistication of their scams in recent years which makes it difficult for many people to keep their personal information safe.  This particular scam uses a more sophisticated method compared to older scams that were used years ago. It typically begins by you receiving an email with a subject line that talks about your tax return or a reminder about your income tax.  Some of the subject lines we have seen are “Electronic Income Tax Reminder”, “Required Income Tax Information”, and “Reminder: Electronic Tax Return”.

The emails will be formatted to look like they are sent from the IRS, however, they are just attempting to deceive you.  The email will state that you are required to login to your account to fill out more information or to receive an income tax refund.  They will include a link at the bottom of the email which leads to a website that looks similar to the IRS website. However, this site is not owned by the IRS and is using a cloning software to deceive the visitor.  Once the visitor is on the website, they are prompted to use a “one-time password” or a “temporary password” to access the files required to get money back from the IRS. But the file that the visitor clicks is actually a malicious file that contains a keylogger or other software to help the scammer get access to your computer and your data.

Typically these malicious websites are so well designed that it is nearly impossible for someone who isn’t technically savvy to understand that this site isn’t the same as the IRS website.  And taxpayers may not even realize that they have downloaded malicious software to their computer until it’s too late.

Since these websites are so well designed and the scammers are able to create a new website if a previous one gets shut down, it can be difficult for the IRS to shut down all of the sites and cyber criminal organizations responsible.  This makes it even more important for all taxpayers to be aware of such email scams as well as other scams that involve email phishing or direct phone calls from criminals who impersonate the IRS or other government agencies.

What Are Phishing Scams?

Phishing is a fraudulent attempt made by criminals to receive sensitive information such as credit card numbers, passwords, or other login information by falsely representing a trustworthy entity.  The scammer will often pretend to work for your banking organization, a governmental agency, or other entity in order to seek for your sensitive information. They will pose as a trustworthy entity and then reach out to you in an attempt for you to give them the login information or information required to take access of your account.

These days phishing is most likely to happen through email, social media, or other online sources of communication.  As mentioned in the above example of the IRS impersonator, phishers will typically have visitors enter their personal information on a fake website that looks just like the real website.

In recent years, phishing has grown into such a large problem that increased levels of legislation have been put into effect to help protect people from these fraudulent scams.  However, legislation will only stop a small percentage of scam attempts, one of the best ways to protect citizens from phishing attempts is to educate the public on the subject.

To help protect citizens and taxpayers around the United States from potential phishing attack it is important to help your friends and family stay up to date with recent scam strategies used by cyber criminal organizations.  

It is important to be skeptical when you receive an email or phone call from a trustworthy entity such as you banking organization or a government agency.  We recommend that if you believe the email to be a fraudulent email to go directly to the entity’s website and login that way instead of logging in by clicking the links within the email.

If you believe you have received an online scam attempt or phishing scam we highly recommend that you report it to the IRS to help stop these types of scams from taking advantage of other people.  You can learn more about phishing scams and report scams at https://www.irs.gov/privacy-disclosure/report-phishing