The IRS opened its annual Dirty Dozen list of scams that target tax professionals, taxpayers, and businesses on Thursday with a warning about evolving phishing and smishing scams designed to steal sensitive information.
Fraudsters and identity thieves use these scams to trick recipients into clicking a suspicious link, filling out personal and financial information, or downloading malware onto their computer, the IRS said in a news release.
“Scammers are relentless in their attempts to obtain sensitive financial and personal information, and impersonating the IRS remains a favorite tactic,” IRS Commissioner Danny Werfel said in the release. “People can be anxious to get the latest information about their refund or other tax issues, so scammers frequently try using the IRS as a way to trick people.”
Started in 2002, the annual Dirty Dozen campaign lists 12 scams and is designed to raise awareness and protect taxpayers and tax pros from common frauds. The Dirty Dozen has included phishing since at least 2010, while smishing first appeared on the 2023 list.
These fraudulent messages can be unsolicited texts or emails to lure unsuspecting victims to provide personal and financial information that can lead to identity theft. The two main types are:
- Phishing: An email claiming to come from the IRS that lures the victims with a variety of ruses such as enticing victims with a phony tax refund or threatening them with false legal or criminal charges for tax fraud.
- Smishing: A text or smartphone SMS message where scammers often use alarming language such as, “Your account has now been put on hold,” or “Unusual Activity Report,” with a bogus “Solutions” link to restore the recipient’s account. Unexpected tax refunds are another potential lure for scam artists.
The IRS typically uses regular mail to initiate contact with a taxpayer. It does not use email, text, or social media to initiate contact about a bill or tax refund.
The Report Phishing and Online Scams page at IRS.gov provides details on how to report a phishing or smishing scam. The IRS also recommends the Federal Communications Commission’s Smartphone Security Checker as a tool against mobile security threats.