Fraudulent Tax-Related Emails Are Once Again Making the Rounds Trying to Steal Your Money and Information

Don't fall for emails claiming to be coming from the IRS or other government agencies

Fraudulent Tax-Related Emails Are Once Again Making the Rounds Trying to Steal Your Money and Information
Image:
December 7, 2018

It's not even tax time, but criminals have already started targeting unsuspecting taxpayers with phishing emails and other emails designed to download malware. The latest emails appear to be from the Internal Revenue Service (IRS), are signed "Department of Treasure," and have a Microsoft Word document attached that appears at first glance to be a tax transcript.

The IRS won't be emailing you

Email is convenient, but it's never secure and it's certainly not foolproof. For that reason, government agencies, including the IRS, will never use email to communicate with you regarding sensitive information. Moreover, they won't be contacting you to deliver documents or services, even if you requested them. These will always be sent via mail.

With very limited exceptions, such as announcements about new services and deadlines, the IRS will never email you. Instead, all communication is done via phone and mail and it's almost exclusively related to a transaction or inquiry you initiate, not the other way around.

Spelling and Grammatic Errors are Warning Signs

Everyone, including employees of government agencies, makes mistakes with email. It happens, and has even been known to happen to us. But one of the warning signs of fraudulent email, which often come from outside the United States, is an apparent lack of understanding of the English language. Spelling errors and grammatical errors typically abound in these deceptive emails. Greetings might seem awkward and paragraphs may not 'flow.' There might also be a surprising lack of information, such as a brief headline and then only instructions to visit a link or download a file.

In several recent emails, the current date incorrect, being a day or two in the future. One of these emails has a contact phone number and says to "contact me," not the agency. This same email was also signed "Department of Treasure," which doesn't exist. This particular email originated in South America.

Don't call phone numbers in the emails or reply

Even if you don't download the attached malware, criminals can still hook you in other ways, such as if you reply to the emails or call the phone number listed. In one recent email, the phone number had an area code of 861, which at first glance might seem like a toll-free line but is actually an area code for Illinois. If you call or reply to the criminals, they confirm that your email address is valid or can get your phone number, opening you up to fraudulent phone calls in the future. You might even be billed excessive charges on your phone bill for the calling the number.

Don't Download or open attachments or links in emails

Opening attachments or links in fraudulent emails can do any number of things, such as place viruses on your computer, log your keystrokes, or even direct you to banking and government websites that appear genuine but are in fact cleverly designed to steal your login credentials. If you receive an unsolicited email, delete it, especially if it looks suspicious. If an issue is extremely urgent and a government agency or company with whom you do business needs to contact you, it won't be by email.

Emails may not be from the sender, even if they appear to be

It's easy these days to spoof or fake the "from" address in an email. You can do this yourself from any number of websites offering the service. Most people use these services to test antispam measures within their own organizations. But not everyone is honest.

Anyone who operates a private mail server spoof an email easily. It only takes seconds to change the setting before the fraudsters send hundreds of thousands of emails. So never presume that an email that appears to come from a government agency, a business or even a friend is legitimate.

Contact the agency or company directly

If you are unsure about the legitimacy of an email, contact the agency or company directly by a means other than what is provided in the email. A fraudulent email will often have fraudulent contact information.

Instead of clicking links in the email, go directly to the agency's or company's homepage and make contact that way. If you are calling, get the contact number from the website or from another trusted, legitimate source.