You’ve received an email that appears to be from the IRS requesting that you provide them with confidential information. Should you send them what they’ve asked for? As a Fort Collins tax accountant that has seen many of these kinds of requests, we can tell you that you definitely should not. The IRS makes it clear on its website that these types of communications do not come from them, stating:
“The IRS doesn’t initiate contact with taxpayers by email, text messages or social media channels to request personal or financial information. This includes requests for PIN numbers, passwords or similar access information for credit cards, banks or other financial accounts.”
The email you received is an example of what’s called a “phishing” scam. Phishing is when criminals contact a person by email or other means and claim to be a representative of a legitimate company or organization. This is an attempt to obtain information such as passwords, credit card numbers, or other personal data they can profit from.
Tips for Spotting and Addressing Phishing
Before replying to or clicking a link in an email from any unknown sender, you should look for certain telltale signs that it is a phishing scam. Some of the more common include:
- Unrealistic threats. Warnings that you will be arrested, fined, lose your home, or face other negative consequences if you don’t comply with a request are almost always phishing scams.
- Poor spelling and grammar. Emails from legitimate businesses go through many levels of proofreading and review. They rarely have errors, and almost never multiple errors or awkward phrasings.
- Requests for confidential information. Email is not a safe way to send confidential information. Legitimate organizations know that and will not ask you to do so.
- Promises of financial gain. Messages that guarantee a monetary return if you simply follow the steps provided are never from a trustworthy source.
- Claims of contacting you on a loved one’s behalf. Notes that include statements like, “Your nephew has been arrested and asked me to contact you for bail money.” should not be trusted.
What should you do if you suspect phishing?
First, don’t reply and don’t click anything in the email. Even a photo can have a hidden link. You can just delete the email. However, if you want to take additional action, the Federal Trade Commission suggests that you:
- Forward phishing emails to email@example.com – and to the organization impersonated in the email. Your report is most effective when you include the full email header, but most email programs hide this information. To ensure the header is included, search the name of your email service with “full email header” into your favorite search engine.
- File a report with the Federal Trade Commission at FTC.gov/complaint.
- Visit Identitytheft.gov. Victims of phishing could become victims of identity theft; there are steps you can take to minimize your risk.
- You can also report phishing email to firstname.lastname@example.org. The Anti-Phishing Working Group – which includes ISPs, security vendors, financial institutions and law enforcement agencies – uses these reports to fight phishing.
If the scam is related to the IRS or your finances, you can also contact Shaw & Associates, your trusted Fort Collins tax accountant for guidance.