NCCIC/US-CERT encourages taxpayers to review the IC3 Alert and read the Tips on Avoiding Social Engineering and Phishing Attacks for more information. If you believe you have been a victim of a phishing campaign, report it to IC3 at

Fraudsters and thieves often use tax-related phishing emails to get victims to provide personally identifiable information, click on a malicious link, or pay a ransom. They will send out bogus messages that appear to be from a company or government agency you may or may not do business with. These messages will attempt to convince you to either click on a link or call a number in order to get you to reveal information that can be used to steal your identity and/or access your accounts. Phishing messages may come through email, instant messages, and even text messages. The best steps to take if you believe a message may be legitimate is contact the company using contact information that you know is valid, such as a number from the phone book or by typing the company’s web address into your browser's address bar.