Authorities Report Spike in IRS Scams and Ransomware Incidents

The Internal Revenue Service (IRS) continues to issue warnings about criminals who pose as the IRS and attempt to get people to send money, often using intimidation tactics to get what they want. They gather publicly available information from social media and other sources, and use that information to identify vulnerabilities.

For example, the elderly, immigrants, and people who have built up medical expenses after a health scare are often targeted. The criminal will place a phone call, using caller ID spoofing to appear legitimate. They’ll claim to be an IRS agent, even providing a bogus badge number that the victim can’t immediately verify.

The criminal will claim that the victim owes a certain amount of money, and if action isn’t taken immediately, law enforcement will be at their home or office within 30 minutes. They’ll then demand that the victim purchase gift cards from a local store and provide the card numbers to the criminal. They may also demand your Social Security number so they can file a bogus tax return and collect your refund or sell that information on the black market.

Criminals have also created emails with IRS logos to make them look official. They might say that repeated inquiries have gone unanswered, and the recipient should click the link to view the history of inquiries. When the link is clicked, malware is automatically downloaded to the victim’s computer. If it’s a work account, the malware could quickly spread across the network.

Beware of Ransomware

Ransomware attacks have increased dramatically in the past year, and they’re not limited to criminals posing as the IRS. In fact, a recent report from PhishMe found that 97 percent of phishing emails, which attempt to trick people into clicking dangerous links or providing sensitive information, contained ransomware in the third quarter of 2016.

Ransomware encrypts or blocks access to applications and data until the victim pays a ransom to have access restored. Of course, there is no guarantee that criminals will live up to their end of the deal, so authorities recommend against paying the ransom.

However, applications and data are critical to business operations. In the case of a hospital, for example, blocked applications and data could jeopardize patient safety. As a result, these ransoms are often paid, and incidents go unreported because the organization doesn’t want the negative publicity.

How to Identify an IRS Scam

The IRS will never email or text you. They’ll never ask for personally identifiable information such as Social Security numbers, PIN numbers or financial accounts. They’ll never threaten you with an arrest or legal action. They’ll never demand payment, especially in an unusual format such as a gift card or wire transfer.

The IRS and other tax agencies will typically send you a physical letter in the mail. They’ve also recently announced that they are going to be using third party collection agents who might contact you via phone. However, they won’t demand immediate payment, especially in the forms of payment used by criminals.

You’ll always have an opportunity to investigate any claims and verify them with the IRS, your bank, your attorney and your accountant. Of course, a letter can be faked as well, so it’s important to research any claim before providing information or sending money.

Report Scams, and Protect Yourself and Your Business

If you’re contacted by someone claiming to represent the IRS and you suspect foul play, assume it’s a scam. Use this chart from the IRS to report various types of scams.

Ransomware incidents and other forms of cybercrime should be reported to federal law enforcement for investigation. Contact your local FBI field office.

Of course, the best defense against most of these scams is common sense. If it doesn’t seem right, assume it’s a scam. Don’t open suspicious emails, click suspicious links, or provide information via phone to suspicious callers. Make sure your computer networks are being protected with modern security tools that continuously monitor your network for malicious activity and traffic.

The IRS and state tax agencies have also offered recommendations that can strengthen your defenses against identity thieves. Get details related to these initiatives here.

Professionals and Executives


Professionals and Executives

Business Owners


Business Owners

Retired and High Net Worth Individuals


Retired and High Net Worth Individuals