phishing

IRS warns taxpayers of new email scam campaign distributing malware

If you’ve received an unsolicited email from the IRS, beware. The Internal Revenue Service and its Security Summit warns taxpayers and tax professionals about a new IRS impersonation scam campaign spreading nationally on email. The scammers use dozens of compromised websites and web addresses that pose as IRS.gov, complicating efforts to stop the scam and catch the individuals behind it.

The email scam began hitting taxpayers’ email inboxes last week. Subject lines of the emails use official-sounding phrases like “Automatic Income Tax Reminder” or “Electronic Tax Return Reminder.”

iStock

iStock

The emails contain links to a website that looks like IRS.gov, with details purporting to be about the taxpayer's refund, electronic return, or tax account. The scam emails contain a temporary password or other reasonable-looking login credentials to “access the files” to submit the refund. However, using these credentials doesn’t give the taxpayer access to files or a refund; instead, the user downloads malicious software (“malware”) onto their computer.

Scammers infect taxpayers’ computers with malware to try to gain control of the taxpayer's computer or covertly download software to steal passwords to sensitive accounts, such as financial accounts.

Taxpayers remain vulnerable to scams by IRS imposters sending fake emails or harassing phone calls

“The IRS does not send emails about your tax refund or sensitive financial information,” says IRS Commissioner Chuck Rettig. “This latest scheme is yet another reminder that tax scams are a year-round business for thieves. We urge you to be on-guard at all times.”

The IRS doesn't initiate contact with taxpayers by email, text messages, or social media to request personal or financial information. This includes requests for PIN numbers, passwords, or similar access information for credit cards, banks, or other financial accounts.

The IRS also doesn't call to demand immediate payment using a specific payment method (and it does not accept prepaid debit cards or gift cards). Any taxpayer who owes taxes will receive a bill in the mail before the IRS attempts any other type of communication. See IRS.gov’s Report Phishing and Online Scams at IRS.gov for more details.

If you believe you have received an IRS scam email, do not open it. Forward it to phishing@irs.gov. You can also feel free to contact your trusted REM advisor.

Also see:

Beware: dangerous tax account transcript scam runs rampant

Data protection recap: what have we learned?

Special report: 4 things you can do to protect your data

Is the IRS really emailing me?