Thought Leadership

Don’t Let IRS Phishing Scams Create More Tax Season Headaches

(March 18, 2022) Tax filing season is in full swing, and so are the scams. Law enforcement agents are warning of several new IRS phishing scams targeting taxpayers this year.

One takes advantage of confusion regarding stimulus checks that have been issued to eligible taxpayers as part of the economic recovery from the COVID-19 pandemic. Scammers tell victims they “need to pay a small fee” to receive an economic impact payment (EIP). However, the government does not require anyone to make a payment to get the EIP or the related recovery rebate credit.

Often, the scammer’s objective is to extract sensitive information from the victim. Another scam email encourages victims to click a link to a fake form, and provide their Social Security number, driver’s license number, date of birth, and other information to claim a refund. Yet another scam tells victims they need to fill out form W-8BEN, the “Certificate of Foreign Status of Beneficial Owner for United States Tax Withholding.” Although the form is legitimate, scammers are using a modified version to steal personal information such as passport numbers and PINs.

Some criminals send phishing emails with malicious attachments purporting to provide a summary of the victim’s tax return. When the victim opens the attachment, it downloads malware.

Longstanding Problem

Unfortunately, these are just the latest in a long line of IRS-related scams that always pick up steam during tax season. Criminal actors will pose as the IRS and demand payment for a tax bill that doesn’t exist. Victims are told that if they don’t pay by a certain time, a warrant will be issued for their arrest. In other cases, the scammers claim the victim will be reported to the police, deported or have licenses revoked.

Although IRS phishing scams have existed for years, criminals have become highly sophisticated in their approach. Emails and websites look legitimate and professional. Subject lines seem believable, and the requests being made seem reasonable. As a result, many people take the bait.

Accountants and other tax professionals are also targeted with spearfishing attacks designed to capture sensitive information. On Feb. 16, 2022, the IRS warned tax pros of phishing emails that purport to be from tax software providers. The emails claim that the tax preparer’s “account has been put on hold” of that there’s an “unusual activity report.” The tax pro is urged to click on a link and enter their account information, giving the scammers the credentials they need to file fraudulent tax returns.

How to Avoid Becoming a Victim

Part of the problem is that many people don’t know how the IRS operates. The IRS typically does not communicate with taxpayers via email or text, and they’ll never ask for personally identifiable information or demand payment through these channels. The IRS will almost always send a physical letter in the mail so you can verify the contents of that letter without risk.

Even if an email seems like it was sent from a legitimate source, such as a bank or software provider, users should avoid opening those emails and clicking links unless they’ve verified their authenticity. They should check the sender’s email address to see if it looks suspicious.

Organizations need to educate employees about IRS scams and what steps to take if a scam is suspected. Implementing a spam filtering solution and other security tools that can detect suspicious emails will also help. When these emails do slip through the cracks, it’s important to report as many incidents as possible.

Visit the Report Phishing and Scams page when you receive suspicious communication from someone posing as the IRS. If you need help developing a strategy for taking on phishing email scams, contact Mainstream Technologies for assistance.

ABOUT MAINSTREAM TECHNOLOGIES

Mainstream Technologies delivers a full range of technology services in Arkansas and the surrounding region including managed technology services and consulting custom software development and cybersecurity services. We also offer industry-leading data center services in our Little Rock facilities. Established in 1996, Mainstream has earned a reputation for delivering quality, reliable, and professional technology services for public and private-sector customers across the United States.

Jeff Pracht
IT Business Development Manager
(479) 715-8629 Office
(501) 529-0008 Mobile

Contact Us

  • Industry

  • Category

  • Regulation

  • Solution