
The IRS kicked off its annual Dirty Dozen list by warning taxpayers of evolving phishing and smishing scams designed to steal sensitive taxpayer information.
Phishing involves an email sent by fraudsters claiming to come from the IRS. The email lures the victims into the scam with a variety of ruses such as enticing victims with a phony tax refund or threatening them with false legal or criminal charges for tax fraud.
Smishing involves a text or smartphone Short Message Service (SMS) message in which scammers often use alarming language such as, "Your account has now been put on hold," or "Unusual Activity Report," with a bogus "Solutions" link to restore the recipient's account. Unexpected tax refunds are another potential lure for scam artists.
These are the two main means by which fraudsters and identity thieves attempt to trick the recipient into clicking a suspicious link, filling out personal and financial information or downloading a malware file onto his or her computer.
"Scammers are relentless in their attempts to obtain sensitive financial and personal information, and impersonating the IRS remains a favorite tactic,” said IRS Commissioner Danny Werfel in the kickoff announcement. “People can be anxious to get the latest information about their refund or other tax issues, so scammers frequently try using the IRS as a way to trick people. The IRS urges people to be extra cautious about unsolicited messages and avoid clicking any links in an unsolicited email or text if they are uncertain.”
The IRS said that these schemes frequently peak during tax season but they continue throughout the year.
The IRS warned that individuals should never respond to tax-related phishing or smishing or click on the URL link. Instead, they should report all unsolicited email, including the full email headers, claiming to be from the IRS or an IRS-related function to phishing@irs.gov. Anyone who experienced any monetary losses due to an IRS-related scam incident should report it to the Treasury Inspector General for Tax Administration (TIGTA), the Federal Trade Commission and the Internet Crime Complaint Center (IC3).
The IRS advised that taxpayers who receive an email claiming to be from the IRS that contains a request for personal information, or taxes associated with a large investment, inheritance or lottery, should do the following:
● Don't reply.
● Don't open any attachments. They can contain malicious code that may infect the computer or mobile phone.
● Don't click on any links. If a taxpayer inadvertently clicked on links in a suspicious email or website and entered confidential information, visit the IRS’ identity protection page.
● Send the full email headers or forward the email as-is to phishing@irs.gov. Don't forward screenshots or scanned images of emails because this removes valuable information.
● Delete the original email.
The IRS advised that taxpayers who receive a text claiming to be from the IRS that contains a request for personal information, taxes associated with a large investment, inheritance or lottery, should do the following:
● Don't reply.
● Don't open any attachments. They can contain malicious code that may infect the computer or mobile phone.
● Don't click on any links. If a taxpayer clicked on links in a suspicious SMS and entered confidential information, they should visit Identity Theft Central.
● Report the message to 7726 (SPAM).
● Include both the Caller ID and the message body in an email and send to phishing@irs.gov. Copy the Caller ID from the message by pressing and holding on the body of the text message, then select Copy, paste into the email. If the taxpayer is unable to copy the Caller ID or message body, forward a screenshot of the message.
● Delete the original text.
● For more information see the IRS video on fake IRS-related text messages.
To report a tax scheme or a dishonest tax return preparer, individuals should send a completed Form 14242, Report Suspected Abusive Tax Promotions or Preparers (along with any supporting materials) via mail or fax to the IRS Lead Development Center in the Office of Promoter Investigations.
Taxpayers and tax professionals can also submit this information to the IRS Whistleblower Office, where they may be eligible for a reward. For details, refer to the sections on Abusive tax schemes and abusive tax return preparers.
The Dirty Dozen list has been published annually since 2002 by the Security Summit, a public-private partnership formed in 2015 to protect taxpayers and the tax system against identity theft refund fraud. The Security Summit consists of the IRS, state tax agencies and the tax community, including tax preparation firms, software developers, payroll and tax financial product processors, tax professional organizations and financial institutions. Total membership includes 42 state agencies and 24 industry offices, in addition to the IRS.