Fact Checked

IRS issues warning about tax transcript email scam

Businesswoman working on laptop in a hotel roomImage: Businesswoman working on laptop in a hotel room

Editorial Note: Credit Karma receives compensation from third-party advertisers, but that doesn’t affect our editors’ opinions. Our marketing partners don’t review, approve or endorse our editorial content. It’s accurate to the best of our knowledge when posted.
Advertiser Disclosure

We think it's important for you to understand how we make money. It's pretty simple, actually. The offers for financial products you see on our platform come from companies who pay us. The money we make helps us give you access to free credit scores and reports and helps us create our other great tools and educational materials.

Compensation may factor into how and where products appear on our platform (and in what order). But since we generally make money when you find an offer you like and get, we try to show you offers we think are a good match for you. That's why we provide features like your Approval Odds and savings estimates.

Of course, the offers on our platform don't represent all financial products out there, but our goal is to show you as many great options as we can.

Earlier this year, the IRS took steps aimed at making tax transcripts more secure — but that’s not stopping scammers from sending bogus “tax transcript” emails to get you to click into a dangerous virus.

Last week, the IRS warned consumers and businesses that scammers impersonating the IRS are sending malware-loaded emails “using tax transcripts as bait” to convince recipients to open the emails.

The malware is known as Emotet, and scammers generally use it to pose as banks and financial institutions. It’s most commonly delivered through email and is capable of stealing information from infected devices, according to internet security company Symantec. In the last quarter of 2017, Emotet activity increased 2,000%, reported Symantec.

Want to know more?

What’s the background?

The IRS warning, issued Nov. 19, notes there has been a “surge of fraudulent emails” pretending to be from “IRS Online.”

The malware-carrying emails typically have attachments labelled “Tax Account Transcript” or something similar. The subject line also uses the phrase “tax transcript” in some variation.

Why does this matter?

The U.S. Computer Emergency Readiness Team calls the Emotet malware “among the most costly and destructive malware” currently circulating, and notes it has cost state, local, tribal and territorial governments as much as $1 million per incident to remediate an infection.

Fraudsters send imposter scam emails because they tend to work. In 2017, nearly one out of every five people who reported being a victim of an imposter scam lost money — $328 million in total, according to the Federal Trade Commission.

The median amount lost to an imposter scam in 2017 was $500, says the FTC. And if you receive an Emotet-carrying phishing email on a work device and open it, every device networked with yours could also be at risk. A business’ losses could be much greater than an individual’s.

What can you do?

Tax season will be here before you know it, and you may be more inclined to pay attention to — and open — an email that mentions your private tax transcript. Be alert for signs that such emails are scams. The IRS says red flags include:

  • An attachment labeled “tax transcript” or something similar
  • “Tax transcript” (or a variation of those words) in the subject line
  • An unsolicited email purporting to be from the IRS

“The IRS … does not send unsolicited emails to the public, nor would it email a sensitive document such as a tax transcript, which is a summary of a tax return,” the IRS says.

Remember, the IRS won’t send you a tax transcript unless you’ve requested one. You can do so through the IRS website or by mailing a request.

If you receive a suspicious email, don’t open it or the attachment, the IRS warns. Instead, forward the unopened email to phishing@IRS.gov and delete the scam email from your personal computer. If you receive a scam email through a work computer, notify your company’s information security team and tech professionals.


About the author: Evelyn Pimplaskar is an assigning editor with Credit Karma, covering checking, savings, personal finance and taxes. With nearly 30 years of experience in media, marketing, public relations and journalism, Evelyn’s wri… Read more.