Scammers are impersonating the IRS in phishing emails 


Scammers are continuing to impersonate the Internal Revenue Service (IRS) with phishing emails designed to trick people into paying them money for supposed missed or late payments.

The fake emails are targeting Microsoft’s Office 365 platform users. It is estimated that  70,000 fraudulent emails have been sent.

  Abnormal Security Researchers report

On November 10, researchers at Abnormal Security released a report detailing the scam. The  IRS Impersonation Payment Fraud explains that the IRS is a popular target for spoofing email attackers. And that is the latest case the email is a more sophisticated IRS impersonation. The phishing emails are sent from a spoofed sender domain in order to try and collect fraudulent payments from the victim.

Signup for the USA Herald exclusive Newsletter

READ: How to protect yourself from phishing scams

The scammers are trying to make the emails look as real as possible. The fraudsters even spoof the origination email address to make it look credible.

For example, Abnormal Security reports that “Although the email appears to originate from the domain “”, analysis of the email headers reveals that the true sender domain is “” Additionally, the “Reply-To” email is “[email protected]”, which is not associated with the IRS and instead leads directly back to the attacker.”

They are also using fake case ID numbers, made up docket numbers, and even warrant IDs throughout the emails. These all add to the illusion.

Scammers use scare tactics

In order to intimidate their potential victims, the emails include threats. Claims that if you don’t pay, you will be arrested are designed to force the targeted victim to pay quickly without researching the situation.

The emails start with a warning that there will be a “warrant for your arrest.” And they use the tagline “Consider this as a Final Warning.”

The scammers also included threats that the emails will be forwarded to employers to withhold wages, will send the local Sheriff Department to your doorstep, and your credit will be ruined.

These latest scam emails are targeting everyone. The scammers have a widescale operation.

Keep in mind that the IRS does not do collection business via email. If you receive one of these phishing emails do not open it or click the link. Instead, go to the IRS website and check the status of your account.

“IRS email impersonations are widespread across all industries. These attacks vary in scale and victim, targeting both individuals and companies as a whole,” according to researchers at Abnormal Security. 

Have a story you want USA Herald to cover? Submit a tip here and if we think it’s newsworthy, we’ll follow up on it.

Want to contribute a story? We also accept article submissions – check out our writer’s guidelines here.