IRS warns of dangerous new email impersonation scam

The Internal Revenue Service and its Security Summit partners warned taxpayers Thursday of a new scam being perpetrated through emails purporting to be communications from the IRS.

“Remember: the IRS does not send unsolicited emails and never emails taxpayers about the status of refunds,” the agency warns.

The IRS was first alerted to the issue when taxpayers began reporting sketchy emails to the IRS, which can be done by forwarding questionable emails to phishing@irs.gov.

The emails are unsolicited communications containing links that show an IRS.gov-like website and which provide details that claim to be about the taxpayer’s refund, electronic return or tax account.

The emails provide the taxpayer with a “temporary password” or “one-time password” to “access” files that the emails claims the taxpayer will need to submit for the refund. When the taxpayer attempts to access these files, it results in opening a malicious file that installs malware on the taxpayer’s computer.

Once the malware is installed, the scammers may gain control of the taxpayer’s computer or download software onto the machine which secretly logs keystrokes, which allows scammers to find passwords to sensitive accounts, like those with financial institutions.

“The IRS does not send emails about your tax refund or sensitive financial information,” said IRS Commissioner Chuck Rettig. “This latest scheme is yet another reminder that tax scams are a year-round business for thieves. We urge you to be on-guard at all times.”

The agency warns that it may be challenging to shut down this scam because it is utilizing dozens of compromised websites and web addresses that very closely mimic IRS.gov addresses.

It’s important to remember that the IRS does not make unsolicited contact through email, text or social media to taxpayers requesting personal or financial information, such as PIN numbers or information related to accounts with credit card companies, banks or other financial institutions.