Technology Unwrapped

The most important technology concepts, strategies and actions uncovered for your business.

Watch Out as IRS Tax Phishing Scams Grow

Have you filed your business or personal taxes yet? Either way, this time of year remains one of the most popular for phishing scams. Be certain you’re staying off the hook by watching out for these tax-related scams and phishing emails.

The Latest Email Scams

W-2 Phishing Scams

According to Sontiq, federal authorities investigating business-related schemes found more than 250,000 identities were stolen and used to file over 10,000 fake tax returns in 2019. While that was almost three years ago, the W-2 phishing scam is still the primary method for gaining an employee’s personal information.

The phisher will impersonate the CEO or someone from the finance department, requesting W-2 information from you or your employees. Sometimes they will prompt you to click on links that install malware, which then gives scammers access to your device. The information is used to file fraudulent tax returns, stealing the tax dollars you earned over the past year.

‘We recalculated your tax refund, and you need to fill out this form’

Email scammers use this type of message structure to build their credibility and seem as official as possible. With the enticing subject line saying, “Tax Refund Payment” or “Recalculation of your tax refund payment,” they alert you that something went wrong after filing your taxes. They’ll provide a link to fill out a form asking for personal information, such as Social Security numbers, birthday, address, or driver’s license number. Lastly, they’ll put the official IRS logo in the header to make the layout of the email seem legit.

Beware, this is the overall structure a scammer will use to draw in your employees. They might use the same kind of layout, just word the message differently for each of their victims. Other messages might say, “Update your tax filing information,” “Tax payment was deducted from your account,” or “You are eligible to receive a refund.”

Here's how it might look:


Screenshot from Norton
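The message structure described above can be turned into a simple mail triage check. The following is an added example, not code from the original article: it scores a raw message for the subject lines quoted here, an "IRS" display name on a non-irs.gov address, and a request for personal data or a link to a non-IRS host. The indicator names, sample messages and `.example` domains are constructed for illustration.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr

# Subject lines quoted in the article, lowercased for substring matching.
LURES = ("tax refund payment", "recalculation of your tax refund payment",
         "update your tax filing information",
         "tax payment was deducted from your account",
         "you are eligible to receive a refund")
# Data the article says the linked form or the impersonator asks for.
PII = re.compile(r"social security|driver.?s licen[cs]e|birthday|\bw-?2\b", re.I)
LINK_HOST = re.compile(r"https?://([^/\s\"'<>]+)", re.I)
IRS_NAME = re.compile(r"\birs\b|internal revenue", re.I)

def is_irs_host(host: str) -> bool:
    host = host.lower().rstrip(".")
    return host == "irs.gov" or host.endswith(".irs.gov")

def score_message(raw: str) -> list[str]:
    """Return the indicators found in one raw RFC 5322 message."""
    msg = message_from_string(raw, policy=policy.default)
    subject = str(msg.get("Subject", "")).lower()  # RFC 2047 already decoded
    display, addr = parseaddr(str(msg.get("From", "")))
    part = msg.get_body(preferencelist=("plain", "html"))
    body = part.get_content() if part else ""
    found = []
    if any(lure in subject for lure in LURES):
        found.append("tax-lure-subject")
    if IRS_NAME.search(display) and not is_irs_host(addr.rpartition("@")[2]):
        found.append("irs-name-non-irs-address")
    # Body checks only count once the message already presents itself as tax mail.
    if found and PII.search(body):
        found.append("asks-for-personal-data")
    if found and any(not is_irs_host(h) for h in LINK_HOST.findall(body)):
        found.append("link-to-non-irs-host")
    return found

# Constructed sample messages (not real mail); all domains are placeholders.
SAMPLE_PHISH = (
    "From: IRS Refund Department <notice@tax-refund.example>\n"
    "Subject: =?utf-8?q?Recalculation_of_your_tax_refund_payment?=\n\n"
    "We recalculated your refund. Confirm your Social Security number at\n"
    "http://tax-refund.example/form to receive payment.\n")
SAMPLE_NEWSLETTER = (
    "From: Payroll <payroll@corp.example>\n"
    "Subject: Office closed Monday\n\n"
    "The office is closed Monday. Details: https://intranet.corp.example/\n")

if __name__ == "__main__":
    print(score_message(SAMPLE_PHISH), score_message(SAMPLE_NEWSLETTER))
```
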

Employer Identification Number Scams

An Employer Identification Number (EIN) is a nine-digit number assigned by the IRS to a business. The number identifies employer tax accounts and may also be assigned to other entities and individuals. The IRS uses the number to identify taxpayers who are required to file business tax returns. EINs are used by employers, sole proprietors, corporations, partnerships, non-profit associations, trusts, estates of decedents, government agencies, certain individuals, and other business entities.

An EIN is obtained by filing an SS-4 form through the IRS. Scammers will send phishing emails with links to obtain the information they need for an EIN or to have you complete the form through a fraudulent website. They may even collect a fee from you at this time. In addition, scammers can obtain an existing EIN and use it to create corporate credit card accounts, business banking accounts, or establish personal credit. It is recommended that you run a credit check on your EIN every year to view accounts that were created.

If you did not request an EIN, and no one completed it on your behalf, you can file Form 14039-B or contact the IRS for assistance.

How will the IRS contact me?

Those emails all sound pretty official, right? And the last thing you want is to get in trouble with the IRS for accidentally leaving a box unchecked or empty. But, if that is the case, there are proper channels through which the IRS will contact you to notify you of the missing information.

  • The IRS will not initiate contact with taxpayers via email, social media, or through text messages.
  • Official documentation from the agency will be delivered through the U.S. Postal Service.
  • After a written notice, the taxpayer might receive a call from the IRS revenue agent or private debt collectors.
  • IRS officials routinely make unannounced visits to a taxpayer’s home or business to discuss taxes owed.
  • An IRS official will always have these credentials on hand: a pocket commission and a Personal Identity Verification Credential.

What should I do when I identify an IRS phishing scam?

If a fake IRS email does reach your inbox, do not respond, as it can lead to further attacks. Don’t open any attachments or links either, because they can contain malicious code that will latch onto your computer. You can forward the email as-is, including the full email header, to the IRS at

Don’t forward scanned copies, PDF copies, or screenshots of the emails, because doing so removes valuable information they need to document and track the sender. After you forward the email, you can delete the original. If you do click on a link or download an attachment, notify your IT support provider immediately.
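One way to forward a message with its full header intact is to attach the untouched original as a `message/rfc822` part. The following is an added example, not from the original article: it builds such a report and reads the trace headers back out of the attachment to show what a screenshot or PDF would lose. The sample message, the addresses and the `report_to` placeholder are constructed for illustration.

```python
from email import message_from_bytes, message_from_string, policy
from email.message import EmailMessage

# Headers investigators use to trace a sender; lost in a screenshot or PDF.
TRACE_HEADERS = ("Return-Path", "Received", "Message-ID", "Reply-To")

def build_report(raw_original: str, reporter: str, report_to: str) -> bytes:
    """Wrap the untouched original as a message/rfc822 attachment."""
    original = message_from_string(raw_original, policy=policy.default)
    report = EmailMessage()
    report["From"] = reporter
    report["To"] = report_to
    report["Subject"] = "Fwd: " + str(original.get("Subject", ""))
    report.set_content("Suspected IRS phishing email attached, headers intact.")
    report.add_attachment(original)  # Message object -> message/rfc822 part
    return report.as_bytes()

def trace_headers(report_bytes: bytes) -> dict[str, list[str]]:
    """Read the trace headers back out of the attached original."""
    report = message_from_bytes(report_bytes, policy=policy.default)
    for part in report.iter_attachments():
        if part.get_content_type() == "message/rfc822":
            inner = part.get_content()
            return {h: [str(v) for v in inner.get_all(h, [])] for h in TRACE_HEADERS}
    return {}

# Constructed sample message; every host and address is a placeholder.
SAMPLE = (
    "Return-Path: <bounce@tax-refund.example>\n"
    "Received: from mx.corp.example by mailstore.corp.example\n"
    "Received: from relay.tax-refund.example ([203.0.113.7]) by mx.corp.example\n"
    "Message-ID: <20250203.1@relay.tax-refund.example>\n"
    "From: IRS Refund Department <notice@tax-refund.example>\n"
    "Reply-To: claims@other-host.example\n"
    "Subject: Tax Refund Payment\n\n"
    "Fill out the attached form to receive your refund.\n")

# report_to is a placeholder: use the reporting address the IRS publishes.
REPORT = build_report(SAMPLE, "employee@corp.example", "reporting-address@example.invalid")

if __name__ == "__main__":
    for name, values in trace_headers(REPORT).items():
        print(name, values)
```
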

Tips to stay safe during any tax season

  1. Train your employees to spot phishing scams automatically. Check out our Cyber Security Training!
  2. Report any suspicious emails that may be a phishing attempt. If you don’t want to email the IRS, you can also contact the Treasury Inspector General for Tax Administration (TIGTA).
  3. Keep up to date with the latest tax scams. The IRS continually updates its list of scams for consumers and businesses, called “The Dirty Dozen.”
  4. Read the IRS’s Identity Theft Guide. This includes tips on how to protect your identity and data.

Make sure your personal information stays private

The IRS has issued a statement letting the public know tax scams will continue year-round, and to be on the lookout for tax-related phishing attempts. If someone is asking for your personal information, whether it’s a coworker or someone outside of your company, double check their identity before providing your or your business’s information. Want to learn more about staying off the phishing hook? We offer a FREE eBook covering the methods hackers use to break into your business systems. Download it to find out more!
