Phishing schemes and the IRS

Have you ever wondered what you’d do if you got an email from the IRS?

We are all concerned about identity theft, and our use of computers puts us at a risk. If you ever receive an unsolicited email from the IRS, please know that it is not legitimate. The IRS does not initiate communication with taxpayers through the use of email. However, if you initiate contact with the IRS via email, the agency may reply to you via email.

“Phishing” means sending an email to a user while falsely claiming to be a legitimate enterprise in an attempt to scam the user into surrendering private information that could be used for identity theft.

One of the best ways to protect yourself against phishing is to keep your anti-virus software and a firewall up to date. But what if you receive an email from someone who claims to be from the IRS? Please don’t reply or open any links in that email, even if it looks reliable. Many of these false e-mails look just like they came from the government, complete with the IRS logo. Don’t be fooled.

The IRS takes phishing very seriously. Here’s what it says you should do if you are concerned about the legitimacy of communication claiming to be from the IRS.

If you receive an email claiming to be from the IRS that contains a request for personal information:

  1. Do not reply.
  2. Do not open any attachments. Attachments may contain malicious code that will infect your computer.
  3. Do not click on any links. If you clicked on links in a suspicious email or phishing website and entered confidential information, visit the IRS’s identity protection page.
  4. Forward the email as-is to the IRS at
  5. After you forward the email and/or header information, delete the original email message you received.

If you discover a website on the Internet that claims to be an IRS site but that you suspect it is bogus:

  • Send the URL of the suspicious site to In the subject line of the email, include the words “Suspicious website.”

If you receive a phone call or letter via standard mail from an individual claiming to be from the IRS but suspect he or she is not an IRS employee:

Phone call:

  1. Ask for a callback number and employee badge number.
  2. Contact the IRS to determine if the caller is an IRS employee with a legitimate need to contact you.
  3. If you determine the person calling you is an IRS employee with a legitimate need to contact you, call him or her back.

Letter or notice via paper mail:

  1. Contact the IRS to determine if the mail is a legitimate IRS letter.
  2. If it is a legitimate IRS letter, reply if needed.

If the caller or party who sent the paper letter is not legitimate, contact the Treasury Inspector General for Tax Administration at 1-800-366-4484.

The IRS has a one-page publication that you can read for more information: Publication 4523, Beware of Phishing Schemes.

The bottom line is being safe. If you get any communication that appears to be from the IRS and are unsure about it, check with your CPA. For complete instructions on scams relating to the IRS or to learn more, visit

Sign up for the free In Business Wisconsin Report – your weekly resource for local business news, analysis, voices, and the names you need to know. Click here.