Tax refund scammers target university staff and students

The Internal Revenue Service (IRS) has warned of ongoing phishing attacks impersonating the IRS and targeting educational institutions.

The attacks focus on universities' staff and students with .edu email addresses and use tax refund payments as bait to lure unsuspecting victims.

The IRS said the phishing emails “appear to target university and college students from both public and private, profit and non-profit institutions.”

It added that the suspect emails display the IRS logo and use various subject lines, such as "Tax Refund Payment" or "Recalculation of your tax refund payment." Clicking on a link takes victims to a fake website that asks people to submit a form to claim their refund.

The scammers ask taxpayers to provide a wide array of information, including their social security number, first and last name, date of birth, annual gross income, driver's license number, current address, and electronic filing pin.

The IRS warned people who receive this scam email not to click on the link in the email but report it to the IRS.

“For security reasons, save the email using "save as" and then send that attachment to phishing@irs.gov or forward the email as an attachment to phishing@irs.gov,” the IRS said in a statement.

Taxpayers who may have provided identity thieves with this information should also get an Identity Protection PIN to prevent thieves from filing fraudulent tax returns in their names using stolen personal information.

Any scams reported to the Treasury Inspector General for Tax Administration will be investigated further by the IRS' Criminal Investigation division. Last year, the IRS identified over $2.3 billion in tax fraud schemes.

Chris Hauk, consumer privacy champion at Pixel Privacy, told ITPro that like every year, taxpayer-targeted fraud schemes are again plaguing US citizens.

“This is especially true these last two tax seasons, thanks to complications and confusion caused by COVID-19-related delays and tax law changes, as well as stimulus payments being delivered by the IRS,” he said.

“Taxpayers will need to be more vigilant than ever for possible hacking attempts. Users should never click links or open attachments sent with unsolicited emails or text messages. Users also want to be careful when opening documents, even from known sources, due to macros that can be used in MS Office documents. All users should immediately disable macros in MS Office apps."