Cybercrime: Beware of Fake IRS "Instant Return" or "Direct Deposit" Scams

This is a a good news/bad news blog. The good news is that because April 15 falls on  a Friday this year, the filing deadline has been extended until April 18. The bad news is with tax season almost upon all of us taxpayers in the USA, the scammers are out in force seeking to obtain bank account information from the unwary, the unwitting, and the uninformed.

Here's the phishing script in brief: An e-mail purporting to originate from the IRS shows up in your inbox. It informs you that if you e-file your tax return, you are eligible to get that money in the form of an "instant return" via direct deposit into your bank account. All of this information is true, but the e-mail also includes a handy-dandy link for you to click so you can provide the IRS with your bank account information and they can then direct deposit your return once you file your taxes. Alas, that link does not take you to the IRS Website at, nor is it the IRS that's collecting and ultimately mis-using the account information provided there. It's a phishing attack, and harvested accounts will quickly become subject to raiding and pillaging from cybercrooks.

Three things to remember in this context:
    1. The IRS does not send unsolicited e-mail to taxpayers.
    2. When the IRS does send e-mail, such e-mail never, ever includes links for readers to click to access IRS Web sites and information. The IRS also never asks for personal information in e-mails, either.
    3. If you want to e-file your taxes with the IRS, obtain refund information, or even arrange for direct deposit of any refund you might have coming to you, you should initiate contact and visit to take care of the necessary details.
The same thing goes for phone calls that make the same kind of offer. The IRS will not initiate contact with you by telephone unless prior arrangements are made by letter. Normally, if the IRS wants to talk to you, you will be asked to appear at the closest nearby IRS offices at a certain date and time. You'll have to clear airport-style security to enter the building, and all IRS employees will show you their IDs as part of their standard "meet-and-greet" behavior. There'll be no doubt that your contact is totally legit all the way.


Subscribe to Our Blog

Comprehensive Anti-Phishing Guide

Get the latest about social engineering

Subscribe to CyberheistNews