The billions of holiday shoppers who head for their electronic devices instead of malls are well aware of the precautions they need to take as they pick perfect gifts from websites.

This year, everyone also needs to be on alert for tax crooks who’ve joined this annual online crime wave.

Specifically, the Internal Revenue Service and its Security Summit partners warn that they’ve recently seen a surge of fraudulent emails where the sender impersonates the IRS and uses tax transcripts as bait to entice users to open documents containing malware.

Transcripts as hooks to scam disaster victims: This latest tax identity theft scheme is not explicitly a disaster-related scam, but the timing of the transcript hook does coincide with the catastrophes on both the east and west coasts. If folks fall for it, they could face even more potential problems just at they’re looking to get their lives back on track.

Residents and businesses in the Carolinas and Virginia who sustained losses from Hurricanes Florence and Michael can claim those damages on their tax returns. That’s also the case for folks in the California wildfire areas.

In many of these cases, taxpayers have lost everything, including tax records, so they need to obtain tax transcripts, which is a summary of a tax return, in order to file for this tax relief.

When folks are looking for any help in recovering from disaster get an email mentioning transcripts, they could be tempted to open it, thinking it could help them speed up the available tax relief process.

Don’t. Not now. Not ever.

Getting tax transcripts yourself: In announcing this latest scheme, the IRS reiterated that it does not send unsolicited emails to the taxpaying public.

The tax agency also does not email sensitive documents, such as a tax transcript.

Instead, you can get your personal tax transcript yourself online. You don’t need to be sent a specific link to access the data.

Yes, I know some of you with good tax memories are now thinking about how the Get Transcript tool was hacked a few years ago, exposing around 334,000 taxpayer accounts and leading to a lengthy closure of the service.

But the IRS swears its new format better protects taxpayer data, in part by partially masking personally identifiable information.

Plus, you’re initiating the request, not reacting to some unexpected random email supposedly about your tax transcript.

3 tax phishing warning signs: If one of those transcript emails does show up in your email box, don’t freak out.

And definitely don’t open it.

Instead, take a minute to note these three indicators that the message likely is a criminal attempt to steal your tax identity.

First, these latest fake emails, as in prior instances, appear to be official communications from “IRS Online.”

Second, the subject line uses some variation of the phrase “tax transcript.”

Third, the electronic message also typically includes an attachment labeled “Tax Account Transcript” or something similar.

The exact from source, subject and attachment language can change with each version, notes the IRS, but they all are designed to do one thing: steal your personal and tax information.

Major malware carrier: In this latest tax transcript instance, which has been going on for the last few weeks, the IRS impersonation emails also carry malware to infect your computer or other electronic device and make the identity theft easier for the crooks.

That’s not a big surprise in the cyber-security world. A recent survey of data security breachesfound that 92 percent of malware is still delivered by email. That’s why 92 percent is this week’s By the Numbers figure.

And one of the most common methods of email malware infection is through phishing attacks, which are becoming increasingly targeted. Like those aimed at taxpayers.

The malware in the tax transcript phishing effort is Emotet, which generally has been used by crooks who pose as specific banks and financial institutions in order to trick people into opening infected documents. That’s the same aim in this tax phishing version.

The United States Computer Emergency Readiness Team (US-CERT) issued a warning in July about earlier versions of Emotet malware. US-CERT has labeled Emotet as “among the most costly and destructive malware affecting state, local, tribal, and territorial (SLTT) governments, and the private and public sectors.”


While individuals can be targets of this tax transcript phishing effort, the IRS and Security Summit partners say that the scam is especially problematic for businesses. Once employees open the malware, it can spread throughout the company network and potentially take months to successfully remove.

Ways to avoid becoming a tax scam victim: So again, don’t open any email that’s purportedly from the IRS. If you do so by accident, definitely don’t open any attachment.

Instead, if it shows up on your personal computer, forward the full scam message to phishing@irs.gov, then delete it. If you see these scam emails on your workplace computer, notify your company’s technology professionals.

And regardless of the form any supposed communication from the IRS comes, be it a phone call or letter or email, if it seems suspicious, trust your gut.

If you answer the phone and someone says he or she is with the IRS and calling about a tax bill you owe, don’t engage with the scammer (as tempting as that might be). Definitely don’t provide any requested information. This is one situation where you can ignore your mom’s voice in your head saying “be polite.” Just hang up.

If you miss that call and instead get a message on your machine from anyone claiming to be from the IRS (like I have; repeatedly), don’t return the call.

If a letter that seems to be from the IRS arrives in your snail mail box, don’t immediately follow its directions. Instead, if you do or think you might have a legitimate tax issue, call the IRS directly (toll-free at (800) 829-1040) to verify the legitimacy of the letter and discuss your specific situation with a real IRS representative.

Finally, those emails. Again, if you get one from the IRS or someone supposedly representing the agency, like a private tax debt collector, don’t respond. Don’t click on any links. Go directly to the real source, the IRS, yourself to check it out if you think you might really have a tax matter that needs clearing up.

The bottom line that will protect your bottom line is that when in doubt about a tax communication, assume it’s a scam and err on the side of over-caution