Teipen Logo

This year’s top phishing and smishing scams

Posted on April 20, 2024

All of us are continually to be bombarded by email and text scams, which is why the IRS is warning individuals and businesses to remain vigilant.

Identity thieves are very good at tricking people into clicking a suspicious link, filling out personal and financial information, or downloading a malware file onto their computer – and – they are getting more sophisticated every year.

The IRS urges all of us to be extra cautious about unsolicited messages and avoid clicking any links in an unsolicited email or text from numbers they don’t recognize. Their annual Dirty Dozen campaign lists 12 scams and schemes that put taxpayers, businesses and the tax professional community at risk of losing money, personal information, data and more.

Through initiatives like these, the IRS strives to protect taxpayers, businesses and the tax system from cyber criminals and deceptive activities that seek to extract information and money.

Don’t take the bait

Taxpayers should be alert to fake communications posing as legitimate organizations in the tax and financial community, including the IRS and state tax agencies. These messages arrive in the form of unsolicited texts or emails to lure unsuspecting victims to provide valuable personal and financial information that can lead to identity theft.

There are two main types:

  • Phishing: An email sent by fraudsters claiming to come from the IRS. The email lures the victims into the scam with a variety of ruses such as enticing victims with a phony tax refund or threatening them with false legal or criminal charges for tax fraud.
  • Smishing: A text or smartphone SMS message where scammers often use alarming language such as, “Your account has now been put on hold,” or “Unusual Activity Report,” with a bogus “Solutions” link to restore the recipient’s account. Unexpected tax refunds are another potential lure for scam artists.

Never click on any unsolicited communication claiming to be the IRS as it may surreptitiously load malware. The IRS initiates most contacts through regular mail and will never initiate contact with taxpayers by email, text or social media regarding a bill or tax refund.

In some cases, phishing emails may appear to come from a legitimate sender or organization that has had their email account credentials stolen. Setting up two-factor or multi-factor authentication with their email provider can reduce the risk of individuals having their email account compromised.

What to do if you think you have been compromised:

If you receive an email claiming to be from the IRS that contains a request for personal information, taxes associated with a large investment, inheritance or lottery:

  • Don’t reply.
  • Don’t open any attachments. They can contain malicious code that may infect the computer or mobile phone.
  • Don’t click on any links. If a taxpayer inadvertently clicked on links in a suspicious email or website and entered confidential information, visit the IRS’ identity protection page.
  • Send the full email headers or forward the email as-is to phishing@irs.gov. Don’t forward screenshots or scanned images of emails because this removes valuable information.
  • Delete the original email.

If you receive a text claiming to be from the IRS that contains a request for personal information, taxes associated with a large investment, inheritance or lottery;

  • Don’t reply or open any attachments.
  • Don’t click on any links. If a taxpayer clicked on links in a suspicious SMS and entered confidential information, they should visit Identity Theft Central.
  • Report the message to 7726 (SPAM).
  • Include both the Caller ID and the message body in an email and send to phishing@irs.gov. Copy the Caller ID from the message by pressing and holding on the body of the text message, then select Copy, paste into the email. If the taxpayer is unable to copy the Caller ID or message body, forward a screenshot of the message.
  • Delete the original text.
  • For more information see the IRS video on fake IRS-related text messages.

To report a tax scheme or a dishonest tax return, you should send a completed Form 14242, Report Suspected Abusive Tax Promotions or Preparers, (along with any supporting materials) via mail or fax to the IRS Lead Development Center in the Office of Promoter Investigations.

c/o:
Internal Revenue Service Lead Development Center
Stop MS5040
24000 Avila Road
Laguna Niguel, California 92677 3405
Fax: 877-477-9135

If you’re not sure about something sent to you that seems odd, feel free to call the CPAs at Teipen CPA Group. We’ll listen and help you ascertain the credibility of the message, and where you stand. We’re here to help