Dirty Dozen list from IRS opens with phishing, smishing scams
Author Martha Waggoner
Publisher Journal of Accountancy
Date Published 03.29.2024

The IRS opened its annual Dirty Dozen list of scams that target tax professionals, taxpayers, and businesses on Thursday with a warning about evolving phishing and smishing scams designed to steal sensitive information.

Fraudsters and identity thieves use these scams to trick recipients into clicking a suspicious link, filling out personal and financial information, or downloading malware onto their computer, the IRS said in a news release.

“Scammers are relentless in their attempts to obtain sensitive financial and personal information, and impersonating the IRS remains a favorite tactic,” IRS Commissioner Danny Werfel said in the release. “People can be anxious to get the latest information about their refund or other tax issues, so scammers frequently try using the IRS as a way to trick people.”

Started in 2002, the annual Dirty Dozen campaign lists 12 scams and is designed to raise awareness and protect taxpayers and tax pros from common frauds. The Dirty Dozen has included phishing since at least 2010, while smishing first appeared on the 2023 list.

These fraudulent messages can be unsolicited texts or emails to lure unsuspecting victims to provide personal and financial information that can lead to identity theft. The two main types are:

The IRS typically uses regular mail to initiate contact with a taxpayer. It does not use email, text, or social media to initiate contact about a bill or tax refund.

The Report Phishing and Online Scams page at IRS.gov provides details on how to report a phishing or smishing scam. The IRS also recommends the Federal Communications Commission’s Smartphone Security Checker as a tool against mobile security threats.