Received an Email from the “IRS”? It's a Scam

Published March 06, 2018
By Anonymous

If you haven’t filed your taxes yet, you should do them as soon as possible—before someone else does.

The Internal Revenue Service (IRS) warns that tax refund fraud schemes have grown increasingly common in recent years. Criminals gain access to consumers’ private data, then use that information to file false tax returns and try to acquire the resulting refunds.

Tax refund fraud has grown increasingly common in recent years.

When the victim of this identity theft receives his or her (fraudulent) refund, the criminal contacts them, impersonates the IRS, says the refund is a mistake, and demands that they transfer the money to a different account.

Russell Schrader, head of the National Cyber Security Alliance, tells The New York Times, “It signifies the ingenuity of the fraudsters out there.”

In 2016, tax refund fraud accounted for an estimated $21 billion in false refunds—more than three times as much as in 2013.

The uptick in this type of fraud creates serious problems for businesses as well as individuals.

Businesses Suffer Phishing Scams, Data Breaches

To carry out tax refund fraud, criminals need a person’s name, birthdate, and Social Security Number. How do they acquire this information? Through phishing scams. The FBI states:

The most popular method remains impersonating an executive, either through a compromised or spoofed email in order to obtain W-2 information from a Human Resource (HR) professional within the same organization.

It’s obvious why this would be the most popular method: instead of having to acquire individuals’ data one by one, emailing an employee of a company’s human resource department allows criminals (if successful) to scoop up dozens or even hundreds of consumers’ data all at once.

To protect employees’ information, the FBI recommends that companies limit the number of people who can handle W-2 requests, require dual approval for wire transfer requests, and verbally confirm requests via phone calls to known contacts.

For individuals whose data was accessed—leading to identity theft and/or tax refund fraud—the best course of action may be a lawsuit.

Cyber criminals also obtain social security numbers in high volume by infiltrating companies that store personal identification information (PII) such as social security information. This form of theft and exposure of PII has become known as a data breach. It typically occurs due to lax cyber security measures on the part of the company that has sustained a breach.

For individual employees whose data was accessed in this manner—leading to identity theft and/or tax refund fraud—the best course of action may be to file a data breach lawsuit.

If you have fallen victim to identity thieves, contact us for a free consultation. You could be owed money for damages.

IRS Doesn’t Email People or Threaten Police Action

If you receive an email or phone call from someone claiming to be from the IRS, they are almost definitely lying. As a general rule, the IRS does not email or call people. The vast majority of the time, the IRS sends letters via the U.S. Postal Service.

The IRS also emphasizes the following:

  • They will not demand “immediate payment using a specific payment method such as a prepaid debit card, gift card or wire transfer.”
  • They will always give you the opportunity to question or appeal how much you owe.
  • They will not threaten to “bring in local police, immigration officers or other law-enforcement to have you arrested for not paying.”
  • The IRS does not have the authority to take away your immigration status or driver’s license.
  • In the rare event of a home visit, IRS agents will always show two forms of official credentials.

In short, if someone is trying to bully or coerce you into swift payment with a specific kind of card, he or she most likely is a scammer.

Report phishing scams to, file an identity theft complaint at the Federal Trade Commission site, and contact an attorney if you experienced financial or reputational damage because of a data breach.