Earlier this month, the U.S. Internal Revenue Service put out a press release warning of a string of fraudulent 2017 tax return emails. The phishing emails attempt to trick U.S. citizens into providing personal information including social security numbers, passport information, bank account numbers etc.

The IRS noted that in 2016 a huge spike in phishing and malware incidents were observed. This year, several phishing campaigns have been seen in the wild specifically targeting tax professionals, payroll, HR and school resources in addition to average tax payers. In the press release, the IRS explains how these scams are currently working to defraud individuals and businesses:

In these email schemes, criminals pose as a person or organization the taxpayer trusts or recognizes. They may hack an email account and send mass emails under another person’s name. They may pose as a bank, credit card company, tax software provider or government agency. Criminals go to great lengths to create websites that appear legitimate but contain phony log-in pages. These criminals hope victims will take the bait and provide money, passwords, Social Security numbers and other information that can lead to identity theft.

Below is a link to the press release:


If you receive a suspicious email relating to a tax return, please forward them to phishing@irs.gov and promptly delete them. DO NOT open any attachments in emails that you are unsure of the source or that appears to be of a suspicious nature.

Written by Paul Tolbert
Paul Tolbert is an email security specialist & tech blogger living in Pensacola, Florida. He is the founder of TolbertSecurity.com where he post informative tips, research and up to date news regarding cyber security.