The Internal Revenue Service recently reported an approximate 400 percent surge in phishing and malware incidents so far this tax season. Taxpayers should beware of any emails claiming to come from the IRS, tax software companies or other tax providers.

These fraudulent emails are designed to appear as though they come from the IRS or others in the tax industry. The real intent of these “phishing schemes” is to solicit high value personal information from taxpayers that will enable fraudulent activities. This tax season has seen fraudsters more frequently asking for personal tax information, which could be used to help file false tax returns.

“This dramatic jump in these scams comes at the busiest time of tax season,” said IRS Commissioner John Koskinen.

How do these phishing schemes work?

Tax related phishing schemes often start by sending emails or other correspondence designed to mimic official correspondence from the IRS, tax software providers or even banks. The emails are designed to look official and drive victims to websites that are also designed to look like official websites. In many cases, these emails and websites can be very realistic, with similar domains, logos, language, etc. designed to trick visitors.

Once on the fraudulent website, visitors may be asked for Social Security numbers and other personal information. The sites also may carry malware, which can infect people’s computers and allow criminals to access your files or track your keystrokes to gain information.

How can you avoid becoming a victim of a tax phishing scheme?

While these schemes can be convincing, you can protect yourself by taking a few extra precautions and inserting a healthy dose of skepticism when reading any email that asks you to follow a link and provide information. Here are a few things you can do to keep yourself safe:

• Never assume an email comes from who it says it does.
• Do not automatically trust links or websites. If you got to the link or website from an unsolicited email, back up and consider your steps.
• Remember that the IRS does not generally initiate contact with taxpayers by email to request personal or financial information. This includes any type of electronic communication, such as text messages and social media channels. If you receive this type of communication, call the IRS or our office to determine next steps. Do not follow links and provide personal information.
• If you receive an unsolicited email that appears to be from either the IRS e-services portal or an organization closely linked to the IRS, report it by sending it to phishing@irs.gov.
• Never provide personal information through a website if you arrived there after following a link received in an email, social media message or text message.
• Do not click links included in suspicious emails. These links can secretly download malware to your computer – opening up your personal information to fraud.
• If you have any doubts about the validity of what you are seeing, do not proceed!
• If you have any questions about a suspicious communication or website, call our office. Do not provide personal information under any circumstance unless you are 100% certain about who you are providing it to.