Recognizing and Reporting Phishing Scams That Pretend to Be the IRS

Overview

Phishing scams that claim to be from the IRS are among the most common tax-related frauds each year. Criminals use email, text (SMiShing), phone calls (vishing), and fake websites to create urgency — for example, threats of arrest or promises of a refund — to make victims act without verifying the message. In my practice helping taxpayers, I often see fear and urgency used to override common-sense checks.

How these scams operate

• Spoofed sender addresses and domains that look similar to irs.gov (for example, small spelling changes).
• Fake websites that copy IRS pages and harvest credentials or payment information.
• Phone calls with automated or live voices demanding immediate payment (including gift cards or cryptocurrency).
• Attachments or links that install malware.

Common warning signs

• Unsolicited messages demanding immediate payment or personal data. The IRS does not initiate contact by email, text, or social media to demand payment or request personal information (see IRS guidance) (https://www.irs.gov/newsroom/tax-scams-consumer-alerts).
• Sender addresses from non-irs.gov domains or short, odd domains.
• Poor grammar, misspellings, or oddly formatted attachments.
• Pressure tactics (threats of arrest, deportation, or license suspension).

Immediate steps if you receive a suspicious message

1. Stop interacting. Don’t click links, open attachments, or call numbers provided in the message.
2. Verify independently. Go to IRS.gov and use official contact information or your online IRS account — do not use links in the message.
3. Forward phishing emails to the IRS at phishing@irs.gov as an attachment if possible and to the FTC at https://reportfraud.ftc.gov (Federal Trade Commission). Report phone scams to the FBI’s Internet Crime Complaint Center at https://www.ic3.gov.
4. If you provided sensitive data or made a payment, act quickly: change passwords, contact your bank or card issuer to stop payments, and consider a fraud alert or credit freeze with the three major bureaus (Equifax, Experian, TransUnion). The FTC’s IdentityTheft.gov has step-by-step recovery guidance (https://www.identitytheft.gov).

Reporting specifics and documentation

• Email phishing: Forward suspicious emails to phishing@irs.gov and keep a copy.
• Phone scams: Note the caller ID, time, and what was requested; report to IC3 (https://www.ic3.gov) and to the FTC (https://reportfraud.ftc.gov).
• Identity theft: If your SSN or tax return was used fraudulently, file IRS Form 14039 (Identity Theft Affidavit) and follow the IRS identity-theft instructions (https://www.irs.gov/identity-theft-fraud-scams).

Recovery and monitoring

• Change passwords and enable multi-factor authentication (MFA) on affected accounts.
• Monitor bank and credit-card statements daily for several weeks.
• Consider a credit freeze — it prevents new accounts from being opened in your name.
• Keep records of all reports you file and any correspondence; these help creditors and the IRS resolve problems faster.

Prevention best practices (practical tips)

• Always verify sender domains; legitimate IRS emails will come from @irs.gov.
• Do not respond to urgent-sounding demands; instead, call IRS at numbers listed on IRS.gov or sign into your official account.
• Use up-to-date antivirus software and a password manager to avoid reusing weak passwords.
• Educate household members, especially older relatives, who are frequent targets.

Real-world example (brief)

A client received a call saying their refund was on hold and demanded payment via a prepaid card. They nearly complied; I advised them to hang up and verify on IRS.gov. The caller’s number spoofed a local caller ID, but the message contained multiple grammatical errors and a non-irs.gov email address — clear red flags.

Who is at risk

All taxpayers are potential targets. Scammers often single out older adults, new immigrants, and people unfamiliar with online scams. High-volume tax periods (January–April) and times of broader economic stress bring surges in scams.

Common misconceptions

• Myth: “If it says IRS, it must be real.” Reality: Scammers can convincingly copy logos and language; always verify.
• Myth: “I can verify a message by clicking the link.” Reality: Links may lead to cloned sites that steal credentials.

Further reading and internal resources

• For broader email- and payment-related scams, read our guide: How to Protect Your Finances From Phishing Scams.
• If you receive a threatening tax letter that might be fake, follow our safe verification steps: How to Verify and Respond to a Threatening IRS Letter (Safe Steps).

Authoritative sources

• IRS — Tax Scams & Consumer Alerts: https://www.irs.gov/newsroom/tax-scams-consumer-alerts
• Forward phishing emails to: phishing@irs.gov and see IRS reporting steps: https://www.irs.gov/privacy-disclosure/report-phishing
• Federal Trade Commission — ReportFraud and IdentityTheft resources: https://reportfraud.ftc.gov and https://www.identitytheft.gov
• FBI — Internet Crime Complaint Center (IC3): https://www.ic3.gov

Professional disclaimer

This article is educational and does not replace personalized legal, tax, or cybersecurity advice. If you believe you are a victim of identity theft or tax fraud, contact the IRS and a qualified professional for help.