The Internal Revenue Service and its Security Summit partners today warns about a new IRS impersonation scam campaign spreading nationally on email.
The emails have links that show an IRS.gov-like website with details pretending to be about the taxpayer's refund, electronic return or tax account. The emails contain a "temporary password" or "one-time password" to "access" the files to submit the refund. But when trying to access these, it turns out to be a malicious file.
"The IRS does not send emails about your tax refund or sensitive financial information," said IRS Commissioner Chuck Rettig. "This latest scheme is yet another reminder that tax scams are a year-round business for thieves. We urge you to be on-guard at all times."
This new scam uses dozens of compromised websites and web addresses that pose as IRS.gov, making it a challenge to shut down. By infecting computers with malware, these imposters may gain control of the taxpayer's computer or secretly download software that tracks every keystroke, eventually giving them passwords to sensitive accounts, such as financial accounts.