Each year the IRS publishes the top dozen tax scams it encounters over the prior year. One of them that makes an all too common appearance on their list is the phishing scam. Here is what you need to know.

Phishing requires bait

Phishing is the act of creating a fake e-mail or website that looks like the real thing. This bait is then used to reel you into the scam by asking for private information. This includes your name, address, or phone number. It could also include potentially dangerous ID theft information like your Social Security number, a credit card number or banking information. The bait is often very real looking – just like correspondence from the IRS or the IRS website.

How to avoid the lure

How do you know the phishing is fake? Here are some tips.

1. The IRS never initiates contact via email. If you get an unsolicited e-mail from the IRS requesting a response, do not reply! Instead forward the email to phishing@irs.gov.
2. Never click or download. Perhaps even more important, never click on a link or open a file on a suspicious email. This is true even if the email comes from someone you know. Too often phishing comes from someone impersonating someone you know.
3. Know the website. This includes the appearance, but more importantly the address. The valid address for the IRS is www.irs.gov. For Social Security, the address is www.ssa.gov.
4. They may already have info about you. Good phishers already have parts of your identity, so just because they know things like your middle name and birth date does not make them legitimate.
5. Phishing over the phone. Phishing can also take place over the phone. If you receive an unsolicited phone call, get the person’s name and ID, then hang up. Then go to the IRS (or vendor) website, write down their phone number and call them back using this phone number. Most fake calls are ended quickly when taking this approach.
6. Don’t forget social media. Phishing can also happen via social media and texting. Virtually every digital resource has the potential to be used as a tool for theft.

What do phishers do?

When the phishers have your information, they can file false tax returns requesting refunds, steal bank account information, set up fake credit cards, establish false IDs, plus much more. Remember, if it smells like a phish, it probably is!