IRS Warns of New Imposter Scam That Spreads Malware


Agency officials recently learned of a phishing campaign in which scammers pose as IRS agents to spread malware and scoop up users’ sensitive information.

Online bad actors are impersonating tax collectors to spread malware and potentially gain access to people’s computers, according to the IRS.

Last week, agency officials warned taxpayers to watch out for a new phishing campaign involving fraudsters disguised as IRS agents. The agency does not send taxpayers emails out of the blue, they said, so all unsolicited messages should be viewed with suspicion.

As part of the scam, imposters send taxpayers emails claiming to contain information about their refunds, electronic returns or online accounts, according to agency officials. The emails include links to websites that closely resemble, as well as temporary passwords that supposedly allow recipients to access their relevant files. 

When people access those files, however, they release malware that could allow fraudsters to gain control of users’ computer or covertly download spyware that obtains sensitive passwords and accounts. The scam relies on dozens of spoofed web addresses, which makes difficult to shut down, officials said.

Officials noted the IRS doesn’t request personal or financial information—including PINs, passwords or other account credentials—from taxpayers through email, text message or social media. The agency also doesn’t contact people demanding immediate payment through gift cards, prepaid debit cards or wire transfers, they said, so taxpayers should be wary of any such attempts.

While the agency has made significant strides in reducing taxpayer identity theft in recent years, officials said phone and email scams by IRS imposters still pose a significant threat to taxpayers.

"This latest scheme is yet another reminder that tax scams are a year-round business for thieves,” IRS Commissioner Chuck Rettig said in a statement. “We urge you to be on-guard at all times."