As CPAs, we are always advising clients to respond to IRS notices as quickly as possible or, better yet, to bring them in and let us do it. But there is at least one instance when you should ignore a communication that seems to be from the IRS: when it’s an email.
That’s because the IRS does not communicate with taxpayers via email at all. If you get a message purporting to be from the agency – even if it has a return email address including “irs.gov” – it’s almost certainly an attempt to defraud you.
This growing phenomenon is part of a scam known as “phishing.” In case you haven’t heard of it, the scam involves persuading you to visit a web site and enter personal information, such as credit card or account numbers, Social Security numbers and date and place of birth.
Phishers usually mimic government agencies, financial institutions or even popular online merchants like amazon.com and ebay. The messages direct people to an official-looking web site, where they are asked to provide information.
Common lures include:
- You are due a refund.
- We couldn’t verify your information.
- We suspect an unauthorized transaction on your account.
As these scams get more sophisticated, it is important not even to click on the link in such email messages; there have recently been reports of criminals using email to plant keystroke-logging software on the computers of unsuspecting users.
If you receive such a message – whether purporting to be from the IRS or from a financial institution – you should report it.
Both the IRS and the Federal Trade Commission accept reports of fraudulent email activity:
- If the email purports to be from the IRS, call the Treasury Inspector General for Tax Administration at 800.366.4484.
- If it purports to be from another government agency, financial institution or merchant, forward the message to the FTC (firstname.lastname@example.org) and to the organization impersonated in the message.
- You can also contact the not-for-profit Anti-Phishing Working Group. Their website, www.antiphishing.org, includes useful information about phishing. There you can find recently-reported phishing messages and read some of the best thinking on phishing from the financial and technology industries.
Finally, be sure you take the standard precautions:
- Never email personal or financial information; email is not secure.
- Ensure that virus and firewall protection are up-to-date on all your computers.
- Review credit card and bank statements as soon as you receive them to make sure there are no unauthorized charges.
- Regularly examine your credit report to make sure you’re not a victim of identify theft.
- Never reply to any sort of spam; it simply confirms that your email address is real.