IRS Warning – Don’t Take the Bait! | What to Know About Cyber Phishing

Tax season has arrived, and cyber criminals are hanging out the “Gone Phishing” signs.

“Phishing” scams prey on a broad group of victims with the intention of snagging just a few. Criminals pose as familiar, trusted individuals in order to obtain sensitive information that can be used to file fraudulent tax returns. When a specific group of victims is targeted – such as tax professionals – the scam is known as “spear phishing”.

A spear phishing attack begins with an innocent-looking email. The criminal usually baits the hook by using a familiar phrase in the subject line, such as “Tax Return” if the email is being sent to a tax preparer. The criminal will then attempt to establish credibility by referencing something familiar to the intended victim, such as “got your email address from the Chamber of Commerce” or another local professional organization. The email usually continues with a request for some type of sensitive information, such as a password, or may include a link or an attachment where the potential victim will supposedly find further information. If the link or attachment is opened, it frequently downloads malware that enables the criminal to steal sensitive information.

While the IRS offers assurances that they have a team in place to deal with this type of criminal activity, they warn that there is not a definitive solution to this problem. Both taxpayers and tax professionals must be on guard as well. Here are a few suggestions about how to protect against this scam:

Be Wary

If you receive an email from someone you don’t know, be on guard. If the email encourages you disclose sensitive information – don’t! If the text of the email references someone you know, verify with that person the identity of the email sender.

Don’t Open Attachments

If the email contains an attachment, don’t open it until you’ve verified that the sender is legitimate. Sometimes criminals will include a link. Usually the link is in tiny URL format, which helps disguise the web address. Before clicking on the link, hover your cursor over the link to display the full web address. If you don’t recognize it, don’t click the link!

Security Software

Maintain up to date security software on your computer to defend against phishing, viruses, and malware. Make sure your security software updates automatically.

Protect your Passwords

Develop a complex password including a mix of letters, numbers and special characters. Or better yet, use a phrase instead of a single word. Do not use the same password or phrase for all your online accounts.

Report It

If you believe you have received a tax-related phishing email, forward it to the IRS at:





Achieva Life blogs and articles are intended to provide general information, thoughts, and articles in regards to the topics covered therein. Achieva Life is provided with the intent and understanding that Achieva Credit Union is not engaged in the act of rendering financial, consulting, medical, technological, legal, accounting or any other professional advice. The information provided within Achieva Life is not intended nor should be used as a substitute for medical, legal, or other professional advice or other expert opinions. Achieva Credit Union is not responsible for the accuracy of the information on Achieva Life and makes no representation regarding the accuracy of the content. Achieva Credit Union reserves the right to delete or block any comments. The content and comments on Achieva Life do not necessarily reflect the views of Achieva Credit Union.