IRS NEVER EMAILS YOU: HERE'S WHY

By SO Email Security8 min read

Learn why the IRS does not initiate contact through email, how to identify IRS phishing scams, and what to do if you receive a suspicious message claiming to be from the IRS.

IRS scamsphishingemail securitytax fraudidentity theftcybersecuritytax season securitygovernment impersonation

IRS Never Emails You: Here's Why

Direct answer

The IRS does not initiate contact with taxpayers through email, text messages, or social media to request personal or financial information. According to official IRS policy, the agency will always send a letter or notice through postal mail before calling or using other communication channels. Any unsolicited email claiming to be from the IRS is a scam. Taxpayers who receive such messages should forward them to phishing@irs.gov without clicking any links or downloading attachments, then delete the message.

What is the IRS email policy?

The Internal Revenue Service maintains strict policies prohibiting unsolicited electronic communication with taxpayers. The IRS will never initiate contact through email to request personal information, demand payment, or threaten legal action. This policy exists because email lacks the security controls necessary to protect sensitive taxpayer data.

According to IRS guidance published on irs.gov: "We will never initiate contact with you by email or require you to communicate with us by email."

The IRS may communicate electronically with taxpayers only under specific circumstances where the taxpayer has already established an ongoing case relationship with an IRS employee. In these situations, an IRS employee will first contact the taxpayer by phone to verify identity and obtain explicit consent before sending any encrypted email communication.

Key definition: IRS email phishing is a fraudulent communication in which criminals impersonate Internal Revenue Service employees through email to steal personal information, financial data, or money from victims.

The IRS classifies email phishing as one of its "Dirty Dozen" tax scams, a list the agency has published annually since 2002 to alert taxpayers to prevalent threats. The 2025 Dirty Dozen list identifies email phishing scams as one of the top 12 pervasive threats facing taxpayers.

Why does this policy matter? The scale of IRS impersonation fraud

IRS impersonation scams represent one of the most significant and persistent threats to American taxpayers.

TIGTA victim statistics: Between March 2013 and March 2025, 16,281 victims reported to the Treasury Inspector General for Tax Administration (TIGTA) that they had collectively lost more than $114 million to IRS impersonation scams. This figure represents only reported cases and likely understates the true scope of victimization.

FBI internet crime statistics: The FBI's Internet Crime Complaint Center (IC3) 2024 Annual Report documented $16.6 billion in total cybercrime losses, representing a 33% increase from 2023. Phishing attacks topped the complaint list with approximately 193,000 reported incidents. The average victim lost $19,372 to cyber crimes.

Vulnerable populations: Adults aged 60 and older face disproportionate risk from IRS impersonation scams. The FBI reported over 147,000 complaints from this age group in 2024, with losses totaling $4.8 billion. The average loss for elderly victims reached $83,000, with 7,500 complainants losing more than $100,000 each.

Enforcement results: TIGTA has initiated over 893 impersonation scam investigations, resulting in 300 individuals being charged in federal court. Of those prosecuted, 197 individuals have been convicted and sentenced collectively to more than 910 years imprisonment and ordered to pay more than $224 million in restitution.

How do IRS email scams work?

IRS email phishing attacks follow a predictable pattern that exploits urgency, fear, and trust in government institutions.

Step 1: Initial contact Criminals send unsolicited emails designed to appear as official IRS communications. These emails use IRS logos, formatting, and language that mimics legitimate government correspondence. Sender addresses may use domains like "irs-gov.com" or "irs.com" instead of the official irs.gov domain.

Step 2: Creating urgency The email presents a fabricated scenario requiring immediate action. Common approaches include claiming the recipient owes back taxes, is under investigation for tax fraud, or is entitled to an unexpected refund that requires verification.

Step 3: Threat or incentive Scammers use two primary psychological levers:

  • Threat-based emails warn of arrest, legal action, license revocation, or deportation
  • Incentive-based emails promise tax refunds or credits that require the victim to "verify" their information

Step 4: Data harvesting The email directs victims to click a link leading to a fraudulent website that mimics irs.gov. Victims who enter their information surrender Social Security numbers, bank account details, or other sensitive data directly to criminals. Some emails contain malicious attachments that install malware when opened.

Step 5: Exploitation Criminals use stolen information to file fraudulent tax returns, access bank accounts, open credit accounts, or sell the data to other criminals. Tax-related identity theft victims wait nearly two years for resolution on average, according to the 2025 National Taxpayer Advocate Objectives Report to Congress.

Real case: Hiteshkumar Patel Prosecution

On August 9, 2018, the U.S. District Court for the Middle District of Pennsylvania sentenced Hiteshkumar Patel to nearly 20 years in federal prison for his role in an IRS impersonation scheme.

Case details: Patel, a naturalized U.S. citizen residing in South Abington Township, Pennsylvania, participated in the conspiracy from August 2015 through May 2016. According to court documents, Patel and coconspirators contacted individuals by telephone, falsely claimed to represent the IRS, told victims they owed money to the IRS, and threatened them with arrest, fines, and imprisonment unless they immediately paid.

Scope of harm: The investigation identified 634 victims with a total loss of $934,406.77. The scheme operated across 18 states and crossed international borders to India. Federal prosecutors noted that Patel and his coconspirators preyed on vulnerable victims with limited financial resources.

Legal outcome: Patel pleaded guilty in November 2017 to conspiracy to commit wire and mail fraud and aggravated identity theft. The case demonstrates that federal law enforcement actively investigates and prosecutes IRS impersonation schemes, with convicted defendants facing substantial prison sentences.

Source: Treasury Inspector General for Tax Administration public case documentation

How can you identify an IRS email scam? Detection checklist

The IRS provides specific guidance for identifying fraudulent communications. Use this checklist to evaluate any email claiming to be from the IRS.

Red Flag Indicators:

Unsolicited contact: The IRS does not initiate contact with taxpayers by email, text message, or social media to request personal or financial information.

Request for immediate payment: The IRS will never demand immediate payment or threaten arrest for non-payment.

Unusual payment methods: The IRS does not request payment via gift cards, prepaid debit cards, money orders, or wire transfers.

Incorrect domain: All legitimate IRS links go to irs.gov. Links to irs.com, irs-gov.com, or similar domains indicate fraud.

Threatening or urgent language: Phrases like "Your account has now been put on hold" or "Unusual Activity Report" with demands for immediate action indicate a scam.

Request for personal information: The IRS never asks for Social Security numbers, bank account information, or credit card numbers via email.

Unexpected refund notification: If you did not file a return expecting a specific refund, treat refund notifications with suspicion.

Spelling errors or incorrect grammar: Professional IRS communications maintain consistent formatting and language quality.

How can you protect yourself? Prevention steps

Federal agencies including the IRS, FBI, NIST, and CISA recommend the following protective measures.

Immediate response protocol:

  1. Do not respond to suspicious emails claiming to be from the IRS. Any engagement increases risk of further fraudulent contact.

  2. Do not click links contained in the email. Links may lead to credential-harvesting sites or trigger malware downloads.

  3. Do not open attachments from suspicious emails. Attachments may contain malware that compromises your computer and exposes personal data.

  4. Forward the email to phishing@irs.gov, then delete it. Include all headers when possible.

  5. Report the incident to TIGTA at 800-366-4484 or online at tigta.gov if you believe you encountered an IRS impersonation attempt.

Ongoing Security Measures:

  1. Verify independently: If you receive communication claiming to be from the IRS, log into your IRS Online Account at irs.gov or call IRS customer service directly at 800-829-1040 to verify.

  2. Enable multi-factor authentication on all financial accounts and your IRS Online Account. According to NIST SP 800-63 guidelines, phishing-resistant authenticators provide the strongest protection against credential theft.

  3. Monitor your tax transcript: Regularly check your IRS tax transcript for signs of fraudulent filings.

  4. File early: Filing your tax return early reduces the window for criminals to file fraudulent returns using your identity.

  5. Use email security tools: Implement email filtering solutions that scan for phishing indicators before messages reach your inbox.

What should you do if you responded to an IRS scam? incident response

If you clicked a link, provided information, or sent payment to a suspected IRS scammer, take immediate action.

If you provided financial information:

  1. Contact your bank or financial institution immediately to report potential fraud and request account monitoring or freezes.
  2. Place a fraud alert on your credit file by contacting one of the three major credit bureaus (Equifax, Experian, or TransUnion). The bureau you contact must notify the other two.
  3. Consider placing a credit freeze to prevent new accounts from being opened in your name.

If you provided your Social Security number:

  1. File an Identity Theft Report with the Federal Trade Commission at identitytheft.gov.
  2. Complete IRS Form 14039, Identity Theft Affidavit, and submit it to the IRS.
  3. Request an Identity Protection PIN from the IRS for future tax filings.
  4. Monitor your tax account through your IRS Online Account for unauthorized activity.

If you sent payment:

  1. Contact the payment provider immediately. If you paid by gift card, contact the gift card company. If you paid by wire transfer, contact your bank.
  2. File a complaint with the FBI's Internet Crime Complaint Center at ic3.gov.
  3. Report the incident to your local police department.

Document everything: Keep records of all fraudulent communications, your reports to authorities, and any financial losses for potential recovery efforts and tax deduction purposes.

Frequently Asked Questions

Does the IRS ever send emails to taxpayers?

The IRS does not initiate contact through email to request personal information or payments. However, if you are already working with a specific IRS employee on an ongoing case such as an audit or collection matter, that employee may contact you by phone first to obtain consent, then send encrypted emails through official IRS systems. All legitimate IRS email addresses use the format employee.name@irs.gov.

How can I tell if an IRS email is real?

A real IRS email will only come after an IRS employee has contacted you by phone, verified your identity, and obtained your explicit consent to communicate electronically. The email will come from an address ending in @irs.gov and will be encrypted. If you receive any unsolicited email claiming to be from the IRS, it is a scam regardless of how official it appears.

What happens if I click on a phishing link in a fake IRS email?

Clicking a phishing link may direct you to a fake website designed to steal your login credentials or personal information. The link may also trigger a malware download that compromises your device. If you clicked a suspicious link, disconnect from the internet, run a security scan on your device, change your passwords (especially for email and financial accounts), and monitor your accounts for unauthorized activity.

Where do I report fake IRS emails?

Forward suspected IRS phishing emails to phishing@irs.gov. Use "IRS" in the subject line if the email impersonates the IRS, or "Treasury" if it impersonates the Department of the Treasury. Save the email as a file and attach it to your report if possible, as this preserves important header information. You can also report IRS impersonation attempts to TIGTA at 800-366-4484 or through their online reporting form at tigta.gov.

Can the IRS take money from my bank account without notice?

The IRS cannot seize funds without first sending multiple written notices through postal mail and providing opportunity to resolve the debt. Any communication demanding immediate payment or threatening instant seizure without prior written notice is fraudulent. The IRS always provides taxpayers with the right to appeal before taking collection action.

Executive Summary (TL;DR)

The core rule: The IRS never initiates contact through email, text, or social media to request personal information or payment. Any unsolicited message claiming to be from the IRS is a scam.

The threat: Between March 2013 and March 2025, over 16,000 victims lost more than $114 million to IRS impersonation scams. The FBI documented $16.6 billion in total cybercrime losses in 2024, with phishing as the most reported attack type.

Red flags: Unsolicited contact, urgent payment demands, threats of arrest, requests for gift card payment, suspicious URLs (anything other than irs.gov), and requests for personal information via email.

Protection steps: Never click links in unsolicited IRS emails. Forward suspicious emails to phishing@irs.gov. Verify any IRS communication by logging into your official IRS Online Account at irs.gov or calling 800-829-1040.

If compromised: Contact your financial institutions immediately, place fraud alerts on your credit files, report the incident to the FTC at identitytheft.gov and the FBI at ic3.gov, and file IRS Form 14039 if your Social Security number was exposed.

Sources

  • Internal Revenue Service. "Dirty Dozen Tax Scams for 2025." IR-2025-26. February 27, 2025.
  • Internal Revenue Service. "Sending and Receiving Emails Securely." irs.gov.
  • Internal Revenue Service. "Report Fake IRS, Treasury or Tax-Related Emails and Messages." irs.gov.
  • Treasury Inspector General for Tax Administration. "Avoid IRS-Related Scams." tigta.gov. March 2025.
  • FBI Internet Crime Complaint Center. "2024 IC3 Annual Report." April 2025.
  • National Taxpayer Advocate. "2025 Objectives Report to Congress."
  • NIST. "Digital Identity Guidelines: Authentication and Lifecycle Management." SP 800-63B.
  • U.S. Department of Justice. TIGTA Case Documentation: Hiteshkumar Patel Sentencing. August 2018.