IRS Warns Everyone to Beware of Tax-Related Phishing Scams

by | Mar 6, 2019

The IRS has kicked off its 2019 ‘Dirty Dozen’ campaign alerting taxpayers about the dangers of the most common tax-related phishing scams that result in tax fraud and identity theft.

Every year the IRS supplies provides taxpayers, businesses, and tax professionals with 12 most seen phishing and tax scams to increase awareness of the most prevalent threats.

For the entirety of tax season, hackers are highly active and seek tax data to commit identity theft and submit fraudulent tax returns. Every year, many consumers are tricked into sharing their personal information and scores of groups fall victim to these scams and share the tax information of workers to scammers. The scams are carried out over the phone, via text messages, on social media platforms, websites, and using email.

On March 4, 2019, the IRS initiated 2019’s Dirty Dozen campaign with an alert about the most serious threat during tax season – phishing. On each of the following 11 weekdays, the IRS will focus on a different scam.

Tax-related phishing scams are often well disguised. Emails are sent that seem to be from the IRS threatening fines or legal action or offering large refunds for overpayment of tax. The sender name is often made up, IRS logos are used, and the emails usually ask for an urgent response. Regardless of the theme, the tax-related phishing scams have one main aim: To obtain personal data.

A new phishing scam was discovered this year which led to a warning from the IRS in February. Targeted tax professionals were being focused on to obtain client data. Fraudulent tax returns were then submitted using the stolen data and the IRS sent tax refunds to taxpayers’ accounts via direct deposits. The taxpayers were then contacted by the hackers, who pretended to be debt collection agents acting for the IRS to reclaim payments that had been made by mistake.

Payroll offices and human resources departments need to be on constant alert during tax season for tax-related phishing scams that try to obtain form W-2 information. Emails are issued to payroll/HR staff requesting W-2 form information for all workers that have worked in the past financial year. The emails are either shared from a compromised email account within the group – titled a business email compromise (BEC) attack – or they use an similar to that of a high-level executive – referred to as a business email spoofing (BES) attack.

Other types of these attacks include requesting changes to the direct deposit information of employees, payment of fake invoices, or requests for fraudulent wire transfers. Email scams are also carried out to spread malware that logs keystrokes and obtains sensitive data.

The IRS outlined that, in most cases, contact with taxpayers is not initiated by the IRS via email to ask for personal or financial information. Anyone receiving a tax-related phishing scam email that spoofs the IRS should send the message to [email protected]

IRS Commissioner Chuck Rettig said : “Taxpayers should be on constant guard for these phishing schemes, which can be tricky and cleverly disguised to look like it’s the IRS. Watch out for emails and other scams posing as the IRS, promising a big refund or personally threatening people. Don’t open attachments and click on links in emails. Don’t fall victim to phishing or other common scams.”

Raise the level of HIPAA Awareness in your organization with Learner-Friendly, Comprehensive and Affordable HIPAA Training.


Please enable JavaScript in your browser to complete this form.

Patrick Kennedy

Patrick Kennedy is a highly accomplished journalist and editor with nearly two decades of experience in the field. With expertise in writing and editing content, Patrick has made significant contributions to various publications and organizations. Over the course of his career, Patrick has successfully managed teams of writers, overseeing the production of high-quality content and ensuring its adherence to professional standards. His exceptional leadership skills, combined with his deep understanding of journalistic principles, have allowed him to create cohesive and engaging narratives that resonate with readers. A notable area of specialization for Patrick lies in compliance, particularly in relation to HIPAA (Health Insurance Portability and Accountability Act). He has authored numerous articles delving into the complexities of compliance and its implications for various industries. Patrick's comprehensive understanding of HIPAA regulations has positioned him as a go-to expert, sought after for his insights and expertise in this field. Patrick's bachelors degree is from the University of Limerick and his master's degree in journalism is from Dublin City University. You can contact Patrick through his LinkedIn profile:

Raise the level of HIPAA Awareness in your organization with Learner-Friendly, Comprehensive and Affordable HIPAA Training.

Comprehensive HIPAA Training

Used in 1000+ Healthcare Organizations and 100+ Universities

    Full Course - Immediate Access

    Privacy Policy