← Return to Blog

1 Apr, 2022

Information Security Brief - April 2022

Impersonating Agents

Tax time is stressful enough without having to worry about fake-IRS phishing schemes

The first day of spring may technically be in March, but those of us in the world of banking and finance can’t truly enjoy the sunshine, blooms, longer days, and warmer weather until Tax Day is squarely in the rearview. Whether you’re an early filer, procrastinator, or someone in between who’s been gradually gathering documents, compiling receipts, and crunching the numbers for three months, somehow, April 15 always seems to creep upon us.

But the last day to file federal and state income taxes isn’t the only thing sneaking up on would-be filers this time of year. Cybercriminals and scam artists have seized upon the taxpayers’ anxiety towards and respect for the IRS to try and trick law-abiding citizens out of their money.

These online schemes take many forms. For instance:

  • You get an email emblazoned with the IRS logo informing you that the department has recalculated your long-awaited refund and they need you to provide more W2 information to claim your money.
  • A call or email comes from someone claiming to be an IRS agent that they are about to cancel your Social Security number because of an unpaid tax bill.
  • You have a prerecorded voicemail from the IRS urging you to call back immediately or risk arrest or losing your divers license or immigration status.
  • You receive a text with a link to check your tax refund status or see your tax transcript.

Some of these solicitations might even reference real IRS forms (like W2s) and/or tax-related organizations (like the Taxpayer Advocacy Panel or FDIC). And scamsters use the same or similar means to try and trick tax preparers, as well.

To protect yourself from these and other tax time scams, the most important thing to remember is that the real IRS never initiates contact by email, text message, or social media to request PINs, passwords, or other personal or financial information. Even though you can pay taxes, track your refund, and check your tax transcript online through the secure IRS.gov, when the agency wants to reach you, they typically do so via letter through good old-fashioned snail mail. However, if you receive a suspicious letter or query purporting to be from the IRS in your physical mailbox, it’s never a bad idea to double-check. Go to IRS.gov and search for the letter, notice, or form number. There, you should find additional information about the notice or letter, including instructions on how to respond if the correspondence is legitimate.

Other important facts to remember are that the IRS never demands payment via a specific method (such as debit cards, gift cards, or wire transfers), and it will never demand payment without offering you the opportunity to question or appeal the amount owed.

If you are contacted by a cybercriminal impersonating the IRS, take these steps:

  • Don’t reply to an email or text message.
  • Don’t click on any links or open any attachments.
  • Forward any fake emails or texts or report any fraudulent phone calls or voicemails to phishing@irs.gov
  • Delete the malicious message.

And of course, if concerned about systems being compromised by IRS impersonators contacting employees at work or customers accessing their accounts in response to any phishing scheme, feel free to contact BankOnIT for more information. We take responsibility for your entire network — from workstations and servers to tablets and smartphones. Whether it’s a customer making online transfers through your app or an employee checking work email at home; we are always actively pursuing ways to strengthen the security of your institution’s data and resources.

Tax time is stressful enough without having to worry about bad actors trying to steal your money and personal information. A little vigilance, and some help from your IT provider, can help you enjoy the spring and focus on more important things — like spending that refund.

← Return to Blog


This publication attempts to provide timely and accurate information concerning the subjects discussed. It is furnished with the understanding that it does not provide legal or other professional services. If legal or other expert assistance is required, the services of a qualified professional should be obtained.

Related Posts

Information Security Brief - November 2022

Thinking Outside the Box As shippers forecast another record year of holiday deliveries, scammers are ramping up their e...

Read more

Information Security Brief - September 2022

Rise of the Robotexts When it comes to texting scams, the key is knowing how to respond - and when not to Scammers are a...

Read more

Information Security Brief - August 2022

Seven tips while working remotely Working outside the office doesn’t have to mean sacrificing cybersecurity Remote work ...

Read more