How to Spot IRS Email Scams

Many scammers impersonate the IRS to fool unsuspecting victims into sending them money or sensitive financial documents. Many of these scams arrive as phishing emails. Sending any information to these scammers could result in thousands of dollars lost or years of potential financial ruin. It is important to understand these phishing scams and learn how to spot them.

When scammers impersonate the IRS through email, they try to make themselves as believable as possible. They will typically include the IRS logo in the body of the email and reference a current topic such as a tax refund, stimulus, or filing status. Even so, their emails typically contain red flags.

Common Signs

In the past, many of these scams used scare tactics to fool victims into paying sums of money in order to rectify a problem. They would request payments for faulty tax reporting or late fees and threaten legal action if you did not comply, all of which was false and illegal.

Recently, however, many have resorted to a more subtle approach. Impersonating the IRS, they will claim that you can log in to check your claim status, and set up a bogus website that looks identical to the IRS website, where you are asked to fill out highly sensitive information such as your Social Security number.

There are a few important points you should know about how the IRS will contact you that will help you spot scams immediately:

The IRS will never request payment over email or phone

The IRS will always initiate contact for payment through written mail and, in very unusual cases, face to face. Any phone communication from the IRS will always be a message alerting you to any issues and will request that you call or write to the IRS directly.

The IRS will never accept payment through gift cards, PayPal or any other non-standard payment methods.

When the IRS does collect payments, all payments must be made to the U.S. Treasury and no other recipient.

Any official IRS agent will have an HSPD-12 card that can be used to identify federal officials

If you are ever unsure whether the person you are communicating with is an IRS employee, you can request their HSPD-12 Identification Number and call the IRS directly to verify that number.

Any email coming from the IRS will always come from an @IRS.gov domain

Many scammers will create fake domains such as IRS.com or similar-looking names in an effort to fool victims into thinking they are talking with the IRS.

Spotting Red Flags

Even if you are aware of the common tactics that these scammers employ to make you believe that they actually are from the IRS, there are still many red flags that should instantly reveal their true nature.

Here is an example of a fake IRS website used to try and fool victims into submitting a payment:


You'll notice that the page appears to be a legitimate IRS website. However, it is hosted on a foreign machine and any payments or information entered on the site will be sent to a malicious attacker rather than the IRS.

In addition to linking to fake websites, the emails themselves contain red flags that you should be aware of:

Non-Specific Addressing

Although we already know that the IRS does not reach out over email as a point of first contact, if you are ever in a position of continuing contact with the IRS, they will never generalize who they are speaking with. If the IRS is communicating with you over email, then they know exactly who they are speaking to. Expect any emails to be addressed directly to you, stating specific amounts discussed via written mail or face to face, and specific addresses if necessary. If the email starts off with “Sir / Madam”, then you should immediately stop reading the message.

Invalid domains in the email links

If the email contains links to web pages, the first thing you should do is hover the mouse over the link, but do not click on it. At the bottom of your email client or browser you should see a popup with the full URL of the link you are hovering over. Pay very close attention to this URL to make sure it actually goes to the correct website, “irs.gov”. Scammers will attempt to make a very similar-looking address, such as this particular scam website, “https://www.irs.gov.northeast.office.app.ru/”, which starts with the correct name but will actually take you to a machine in Russia. What decides where a link goes is the end of the host name (here “.ru”), not the beginning.
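The sender-domain and link checks described above can be automated in a mail filter. The following Python sketch is an added example, not code from this article or from Xeams; the names is_irs_host, LinkCollector and check_message and the sample message are assumptions made for illustration, and it assumes a single-part HTML body.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = "irs.gov"  # the article: real IRS mail and links use only this domain

def is_irs_host(host):
    """True only for irs.gov itself or a genuine subdomain of it."""
    host = (host or "").rstrip(".").lower()
    return host == TRUSTED or host.endswith("." + TRUSTED)

class LinkCollector(HTMLParser):
    """Collects the href of every <a> tag, i.e. where a click really goes."""
    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs.extend(v for k, v in attrs if k == "href" and v)

def check_message(raw):
    """Red flags for one raw email; assumes a single-part HTML body."""
    msg = message_from_string(raw)
    flags = []
    sender = parseaddr(msg.get("From", ""))[1]
    if not is_irs_host(sender.rpartition("@")[2]):
        flags.append("sender is not @irs.gov: " + sender)
    collector = LinkCollector()
    collector.feed(msg.get_payload())
    for href in collector.hrefs:
        host = urlsplit(href).hostname  # the host the browser would contact
        if host and not is_irs_host(host):
            flags.append("link leaves irs.gov: " + host)
    return flags

# Constructed sample; sender domain and link host are the fakes named in the article.
SAMPLE = """From: IRS Refunds <refunds@irs.com>
Subject: Check your claim status
Content-Type: text/html

<p>Sir / Madam, <a href="https://www.irs.gov.northeast.office.app.ru/">log in at irs.gov</a></p>
"""

if __name__ == "__main__":
    for flag in check_message(SAMPLE):
        print(flag)
```

The comparison is made against the end of the host name with a leading dot, so a host that merely begins with or contains "irs.gov" is still flagged.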

How to Prevent Phishing Scams

If you frequently get a lot of IRS phishing scams in your email, there are very few options other than ignoring them. The best option is to prevent them from being delivered to your inbox in the first place. This requires configuring your own email server or spam filter, such as Xeams.

When you use a private email server rather than a large public one such as Google or Microsoft, you can configure it to catch unwanted spam and potential phishing scams such as the fake IRS emails. These third-party servers and filters contain a variety of tools that you typically will not have access to as a user of a public server, and will allow you to stop these emails from ever reaching your inbox.

One such tool in Xeams is the sandbox feature. This feature will allow you to inspect files in a virtual environment without opening them as well as alert you to any potentially malicious code or viruses in the email.

If you are interested in trying out Xeams you can check out all of the features it has to offer as well as the free trial here.


Created on: May 7, 2021
Last updated on: Oct 22, 2021