By Charles Dean Smith, Jr., CPA

The IRS has identified phishing and smishing as leading threats on its 2024 “Dirty Dozen” list, signaling a significant call to action for both taxpayers and tax professionals. These scams, defined by their use of fraudulent emails or text messages pretending to be from the IRS, aim to extract personal and financial information from individuals.

The “Dirty Dozen” list, a cornerstone of the IRS’s taxpayer education efforts since 2002, serves as an annual roundup of the twelve most pervasive and harmful tax scams. Its evolution over the years reflects changes in scammer tactics, adapting to include new threats while continuing to caution against ongoing ones. Its main goal is to educate the public on the variety of frauds being perpetrated and to encourage vigilance in protecting personal information.

What Are Phishing and Smishing?

Phishing involves the use of fraudulent emails, which masquerade as legitimate messages from reliable entities like the IRS, with the aim of tricking individuals into revealing sensitive information or clicking on harmful links. The IRS describes phishing as a scheme where fraudsters send an email that “lures the victims into the scam with a variety of ruses such as enticing victims with a phony tax refund or threatening them with false legal or criminal charges for tax fraud.”

Smishing employs a similar deceptive strategy but utilizes SMS or text messages. A smishing message might use alarming language to make the recipient believe their information or accounts are compromised, often suggesting a bogus solution that could lead to data theft. These tactics exploit the trust and urgency usually associated with IRS communications, leveraging threats or promises to trick victims into supplying sensitive information.

“Scammers are relentless in their attempts to obtain sensitive financial and personal information, and impersonating the IRS remains a favorite tactic,” said IRS Commissioner Danny Werfel. “People can be anxious to get the latest information about their refund or other tax issues, so scammers frequently try using the IRS as a way to trick people. The IRS urges people to be extra cautious about unsolicited messages and avoid clicking any links in an unsolicited email or text if they are uncertain.”

How to Recognize IRS Scams

Phishing and smishing scams can lead to identity theft, financial loss, and significant stress. The agency emphasizes the importance of skepticism towards any unsolicited communication claiming to be from the IRS. If necessary, the IRS will use regular mail to initiate contact with a taxpayer. The IRS does not initiate contact with taxpayers via email, text messages, or social media platforms for personal or financial information.

Phishing and smishing messages often exhibit several warning signs, including:

  • Unsolicited requests for personal or financial information.
  • Urgent or threatening language, pressing for immediate action.
  • Links to websites asking for sensitive data.
  • Typos or unusual phrasing, not typical of official IRS communications.

Steps for Handling Suspicious IRS Communications

When individuals receive suspicious emails or text messages purporting to be from the IRS, especially those requesting personal information or mentioning taxes related to investments, inheritances, or lotteries, certain precautionary steps should be taken. These steps are designed to ensure personal safety and contribute to the prevention of further scams:

  • Avoid Responding: Any engagement with the sender, such as replying to the email or text message, could lead to an increased risk of further fraudulent communications.
  • Do Not Open Attachments or Click on Links: Accessing attachments or clicking on links within the suspicious message can introduce malicious software to the device. If an individual inadvertently clicks and provides confidential information, it is advised that they immediately seek guidance from identity protection resources.
  • Report the Incident: Forward suspicious emails, with all headers, to phishing@irs.gov. For smishing attempts, forward the text to 7726 (SPAM) and then to phishing@irs.gov, ensuring to include both the message content and the sender’s details. Avoid forwarding screenshots, as they lack necessary investigative information.
  • Delete the Communication: After the suspicious email or text has been reported, it should be deleted from the inbox to prevent any accidental future interactions.

Proactive Measures

Understanding these scams and adopting proactive measures are crucial defenses against falling victim. By staying informed and cautious, taxpayers can mitigate the risk of identity theft and financial loss. For further assistance, contact Tax Partner Charles Dean Smith, Jr. or the PBMares Risk Advisory team.