Tax Season Always Leads to Tax Phishing Scams, Here is What You Need to Know

Most of the United States are very eager to receive their well deserved tax return during tax season, although are you educated enough to avoid the dangerously growing tax phishing scams?

First off, you must understand what and how tax phishing scams & cyber attacks work. Phishing is a scam typically carried out through unsolicited email and/or websites that pose as legitimate sites (IRS, for example) and lure unsuspecting victims to provide personal and financial information.

How can I avoid Tax Phishing Scams?

  1. Do not click on the e-mail

Tax Season Phishing

2. Delete the e-mail / move to spam folder or block the sender – The IRS doesn’t initiate contact with taxpayers by email, text messages or social media to request personal or financial information. This includes requests for PIN numbers, passwords, or similar access information for credit cards, banks or financial accounts.

3. Don’t Reply

4. Phone Calls – if you receive IRS phone calls, make sure you call 1-800-366-4484 to determine if the caller is an IRS employee with a legitimate request.

5. Report – report all incidents to TIGTA and to the IRS at [email protected] (Subject: ‘IRS Scam’)

In closing, here are some remaining tips on how to spot additional phishing attacks:

Phishing scams are a threat to consumers in general, so keep an eye out for attacks unrelated to the IRS. Be suspicious of emails stating that you will lose something—such as your bank account or email account—if you don’t respond or click on the stated link immediately. Signs of phishing schemes that imitate well-known businesses can contain:

  • Generic email salutations, such as “Dear valued customer,” instead of your name.
  • Poor grammar or spelling errors.
  • Conflicting web addresses: Place your mouse over the link to see if the URL matches the typed web address in the message. If it doesn’t, it’s likely a scam. Avoid clicking the link.
  • Web addresses that resemble those of prominent businesses, but are slightly different.
    • For example, the URL of a spoof site mimicking may begin with “http” instead of “https.”
    • Or the web address may be something like “” instead of PayPal’s actual URL.

If you have any questions, please comment below. Thank you!