If your phone pings with a “tax refund approved” link or your inbox flashes a notice from the IRS demanding payment, stop. The IRS did not text or email you. Consumer watchdogs are seeing a surge in refund-themed smishing and phishing campaigns, and the Federal Trade Commission is urging taxpayers to steer clear of links and attachments that hijack identities and bank accounts.

These messages look polished, borrow IRS logos, and even mimic language from legitimate notices. But they funnel victims to fake portals that harvest Social Security numbers, bank credentials, and multifactor codes. Phishing remains the most reported cybercrime to the FBI’s Internet Crime Complaint Center, underscoring how reliable these lures are for criminals during filing season.

Table of Contents

How The IRS Actually Contacts You About Taxes
Three Ways To Stop IRS Impostor Scams And Minimize Risk
Red Flags You Can Spot In Seconds To Avoid IRS Scams
If You Already Clicked Or Responded To A Scam Message
Why This IRS Impostor Scam Keeps Working On Taxpayers
Bottom Line For Avoiding IRS Impostor Texts And Emails

A professionally enhanced image of an IRS refund notification, resized to a 16:9 aspect ratio. The original document is centered on a subtle, dark blue background with a faint circuit board pattern. The document shows a refund of $650.00 and includes a Check Your Refund button.

How The IRS Actually Contacts You About Taxes

The IRS does not initiate contact about refunds, bills, or account problems by text, email, or social media DM. The agency’s first touchpoint is almost always physical mail delivered by the U.S. Postal Service. If a revenue officer visits in person, they present two forms of official identification with serial numbers you can verify.

The IRS will not demand payment via gift cards, cryptocurrency, wire transfer, or peer-to-peer apps. It does not threaten arrest, deportation, or license revocation over the phone. Real online access to your tax data is available only through your IRS Online Account, which you should navigate to on your own—not through a link you were sent.

Three Ways To Stop IRS Impostor Scams And Minimize Risk

Verify independently before you click: Do not tap links or open attachments in unsolicited messages about refunds or balances due. Instead, sign in to your IRS Online Account by typing the web address yourself or call a published IRS phone number from the agency’s official correspondence. If the message claims to be from a state tax agency, use that state’s official site to confirm.
Add identity roadblocks that criminals hate: Get an IRS Identity Protection PIN, a six-digit code that prevents others from filing a return in your name. Freeze your credit with Equifax, Experian, and TransUnion so thieves can’t open new lines if they steal your data. Turn on multifactor authentication for tax software and financial accounts, ideally using an authenticator app instead of SMS.
Report and remove scam infrastructure: Forward phishing emails to the IRS at its phishing intake address and report smishing by copying the text and sending it to 7726, which helps carriers block sender IDs. File a report with the FTC so investigators can trace trends, and alert the Treasury Inspector General for Tax Administration if the scam impersonates IRS employees. The faster you report, the fewer victims follow.

Red Flags You Can Spot In Seconds To Avoid IRS Scams

Unexpected urgency: “Final notice” and “respond immediately” language is designed to short-circuit your judgment. The IRS rarely demands immediate action by phone or text.
Mismatched sender details: Display names can be spoofed. Expand the header to see the full email address or inspect the SMS sender. IRS domains end in .gov, and the agency does not text clickable refund links.
Data grabs up front: Requests for bank credentials, full SSNs, selfies with IDs, or one-time codes before any secure sign-in are telltale signs of a credential harvest.
Odd payment methods: Gift cards, crypto wallets, and peer-to-peer app handles are criminal favorites, not government channels.

If You Already Clicked Or Responded To A Scam Message

Act quickly. If you entered credentials, change the password on that account and any other account where you reused it, then enable multifactor authentication. If you disclosed financial details, contact your bank or card issuer for fraud monitoring and possible account changes.

Smartphone texts and email inbox showing IRS impostor phishing; FTC warning

If a return may have been filed in your name, contact the IRS and consider submitting Form 14039, the Identity Theft Affidavit. Place a credit freeze and review your credit reports for unfamiliar accounts. Save the scam message and your reports; they help law enforcement connect cases.

Why This IRS Impostor Scam Keeps Working On Taxpayers

Timing and psychology do the heavy lifting. Criminals blast refund lures when filers are expecting IRS updates, then exploit trusted brands and lookalike domains to lower skepticism. Sender ID spoofing makes texts appear to come from a short code you’ve seen before, and screenshots of fake “refund calculators” add false legitimacy.

Regulators say losses from text-based scams have soared, and phishing tops complaint volumes to federal cybercrime centers year after year. Even a small click-through rate yields big paydays for organized groups, which automate campaigns and recycle stolen data across tax fraud, unemployment fraud, and account takeovers.

Bottom Line For Avoiding IRS Impostor Texts And Emails

The IRS isn’t sliding into your DMs with a refund link. Pause, verify on your own, lock down your identity with an IP PIN and credit freezes, and report every attempt. Those three steps turn a scammer’s high-volume hustle into a dead end.