National Tax Security Awareness Week, Day 2: Don’t take the bait: Recognize, avoid phishing scams from identity thieves

WASHINGTON – As the holiday season approaches, the IRS and Security Summit partners warned taxpayers to watch out for phishing scams in the deluge of holiday email messages coming from retailers and others.

More than 90% of all data thefts begin with an email phishing scam. The IRS, state tax agencies and the nation’s tax industry – working together as the Security Summit – warned people to watch out for phishing scams during the busy holiday shopping period and in advance of the 2020 tax season.

“Identity thieves are looking for new and different ways to use phishing schemes to obtain sensitive information from people in hopes of filing fraudulent tax return,” said IRS Commissioner Chuck Rettig. “This is the season of giving but be careful and don’t give your sensitive financial or tax information to an identity thief.”

Guarding against phishing scams is the focus of Day 2 of National Tax Security Awareness Week. For the fourth year in a row, the IRS, state tax agencies and the nation’s tax industry are highlighting the holiday period as a time to remember important safety tips everyone should take to protect their sensitive tax and financial data.

The week continues through Dec. 6 with a series of special educational efforts taking place at more than 25 partner events across the country to raise awareness about protecting taxpayers and tax professionals from identity theft. The week includes special social media efforts on platforms including Twitter and Instagram, including a special Twitter chat on @IRSnews and #TaxSecurity on Thursday.

Phishing scams remain a year-round threat to taxpayers.

“The best defense against these scams is a well-informed user. Remember: Don’t take the bait,” Rettig said.

Here’s what you need to know to protect yourself from phishing scams:

  • First, the most common way thieves steal identities is simply by asking for it. Their favorite tactic is a phishing email. Phishing emails “bait” users into opening them. They pose as a trusted company like a bank, a favorite retailer or even a tax professional.
  • Second, learn to recognize and avoid these phishing emails. The scams tell an urgent story – like there’s a problem with your account or your order. The message then instructs the receiver to open an embedded link or download an attachment.
  • Third, don’t take the bait. The email link may send users to a familiar website to login, but the username and password goes to the thieves. Or, the scam suggests users open an attachment, which secretly downloads malicious software.  Either method works for identity thieves.

These scam emails can show up in personal inboxes or even to a work inbox, endangering the entire organization. And mobile phone users are especially prone to responding more than those working on laptop or computer. If at home, just delete the email. If at work, follow the organization’s guidance on handling the email.

Watch out for scam letters, phone calls

Emails aren’t the only phishing tactic. Thieves may use letters or phone calls, especially when impersonating the IRS.

For example, recent letters claiming to be from the IRS are demanding payment of an overdue tax bill. The letter requests the check be paid to IRS, but it provides an incorrect telephone number. Remember: Letters for taxes due always request payment be made to the “United States Treasury.” If unsure, taxpayers can register at the official web site and check their account balance if in doubt.

And no, that’s not the IRS calling with angry demands of payment and threats of jail or a lawsuit. The IRS does not make threatening phone calls, nor does the IRS request payment via gift cards or debit cards like iTunes.

People who receive an IRS-imposter email scam should send it to To report fraudulent letters and telephone calls, contact the Treasury Inspector General for Tax Administration at

A new avenue is social media. Increasingly, thieves are embedding their links or malware in social media commentaries, tweets or posts. Do not open links from social media unless you are certain of the source.

The IRS, state tax agencies, the private sector tax industry, including tax professionals, work in partnership as the Security Summit to help protect taxpayers from identity theft and refund fraud. This is the second in a week-long series of tips to raise awareness about identity theft. See for details.