How to Report Tax Scams

Participating in an illegal scheme to avoid paying taxes can result in imprisonment and fines, as well as the repayment of taxes owed with penalties…

Irs scam

Reporting Tax Scams 

Phishing scams : Phishing is a fraud that usually involves sending unsolicited emails and/or visiting websites that look authentic in order to trick unsuspecting victims into divulging sensitive personal and financial information.

Please report to any unsolicited emails purporting to be from the IRS or an IRS-related department. Please notify the Federal Trade Commission and the Treasury Inspector General Administration (TIGTA) if you have suffered any financial losses as a result of an IRS-related event..

Promoters of abusive tax schemes or preparers of fraudulent returns

Anti-tax laws, home-based businesses, trusts, and offshore schemes are examples of common abusive tax schemes.

Please fill out an online referral using the Form 14242, Document Upload Tool, or send a completed referral form PDF, along with any promotional materials, to the Lead Development Centre in order to report promoters of these scheme types or any other types you are aware of that are not listed here:

Internal Revenue Service Lead Development Center
Stop MS5040
24000 Avila Road
Laguna Niguel, California 92677-3405

Fax: 877-477-9135

Abusive transaction involving a retirement plan

People can provide information (anonymously, if desired) about abusive tax shelters and new concerns that could be abusive in retirement plans through the Abusive Transaction Hotline.

Learn which of the above transactions the IRS has deemed to be tax evasion and how to report them.

EP Abusive Tax Transactions

The IRS is working hard to stop abusive tax haven transactions and schemes. The IRS's Tax-Exempt and Government Entities Division, which encompasses the Employee Plans office, is involved in this nationwide endeavour by investing significant resources in identifying, evaluating, and scrutinising deceptive tax shelter plans and marketing.

Listed Transactions - Background

The IRS completed its regulations against abusive tax havens. According to the regulations, a taxpayer is required to reveal certain transactions, referred to as "listed transactions," by filing a disclosure statement (Form 8886PDF and instructionsPDF) with its tax return. Form 8886-TPDF and instructionsPDF should be used by tax-exempt entities in disclosing this information. An explanation of the penalty for failing to disclose a reportable transaction is included in the instructions..

A "listed transaction" is one that is the same as, or very similar to, a transaction that has been flagged by the IRS as a tax avoidance scheme and identified through an IRS notice or other public guidance. Participants in listed transactions may be obliged to register the transaction with the IRS, disclose the transaction as required by regulations, or keep track of the investors in the transactions and furnish the list to the IRS upon request.

Furthermore, as will be covered below, these transactions have an impact on the plan's capacity to use the Employee Plans Compliance Resolution System to rectify problems. 

Employee Plans Listed or Abusive Transactions

The following employee benefit plan transactions were flagged by the IRS as abusive or listed transactions:

Deductions for Excess Life Insurance in a Section 412(i) or Other Defined Benefit Plan

The IRS and the Treasury Department released guidelines in February 2004 to stop the misuse of specific specially-crafted life insurance policies in retirement programmes. These unique policies are typically only offered to highly compensated staff members.

These special policies, which are frequently used in conjunction with Section 412(i) plans, are addressed in the guidance items when they are used to artificially increase the deductible contributions to retirement plans while significantly lowering the amount taxable when the policies are distributed to the plan participant.

Plans that have high annuity and/or life insurance premiums that, in the absence of surrender fees, beyond the sum required to pay the benefits outlined in the plan are abusive. See Rev. Rul. 2004-20PDF, Situation 1. (Note that some of these arrangements may also be springing cash value arrangements.)

Springing Cash Value Insurance Contract

A life insurance policy must be taxed at full fair market value if it is transferred to an employee from an employer or a tax-qualified plan. A certain mechanism that allows an employer to set up a qualifying plan and use plan contributions to buy a specially crafted life insurance contract has been pushed by certain businesses.

The insurance contract's cash surrender value (CSV) is momentarily reduced to a level much lower than the premiums paid. When the CSV is low, the contract is given or sold to the employee for the CSV; nevertheless, after it is passed to the employee, the CSV of the contract rises dramatically. Narrow exchange rights or other non-guaranteed components in other systems could result in a value that is higher than the CSV.

The other related items of guidance are:

  • Rev. Proc. 2005-25, 2005-17 I.R.B. 962PDF This procedure modifies and supersedes Rev. Proc. 2004-16PDF for purposes of determining fair market value of a life insurance contract, an endowment contract, etc. 
  • Revenue Ruling 2004-21PDF stating that all retirement plan participants must have equal access to the ability to obtain insurance contracts from the plan without facing discrimination.
  • Press Release IR-2004-21 - Treasury and IRS Shut Down Abusive Life Insurance Policies in Retirement Plans. (02/13/2004)
  • Employee Plans NewsPDF: An article from the summer of 2007 outlining the specifications for computations of retroactive funding standard accounts.

Large Tax Deductions Claimed from Insurance Death Benefits that Exceed Terms of the Plan

Second scenario in Rev. Rul. 2004-20PDF deals with eligible plans that purchase excessive life insurance (i.e., insurance contracts in which the excess death benefits are reinvested in the plan as a return on investment if the death benefits exceed the benefits payable to the employee's beneficiaries). According to the revenue rule, the excess death benefit premium should be recognised as a contribution in subsequent years even though it is not deductible at the time of contribution. If an employer has deducted premiums from a life insurance contract for a member whose death benefit under the contract exceeds their death benefit under the plan by more than $100,000, then these arrangements are classified transactions..

S Corporation ESOP Abuses: Certain Business Structures Held to Violate Code Section 409(p)

Revenue Ruling 2004-4 was released by the Treasury Department and the IRS to identify specific company arrangements that the IRS will treat as circumventing or evading section 409(p) of the Internal Revenue Code. According to the Court, transactions that have profits set aside in a Q-Sub or a comparable company, like an LLC, are considered "listed transactions" for the purposes of the tax shelter provisions, which include the disclosure obligations.

An investment vehicle for retirement plans that focuses mostly on employer shares is the employee stock ownership plan, or ESOP. The ownership of a "S corporation" by an ESOP is permitted by Congress, provided that the ESOP provides rank-and-file employees with a significant ownership position in the S Corporation. The profits of a S Corporation owned by an ESOP are typically not subject to taxation until the ESOP distributes those profits to the company's employees upon their retirement or departure from employment. The corporation can reinvest revenues on a tax-deferred basis thanks to this significant tax savings, which ultimately benefits the employees who participate in ESOP.

In order to ensure that rank-and-file employees do not profit from the arrangement, the ruling closes down transactions that transfer S Corporation business profits away from the ESOP. For instance, the decision forbids taking advantage of stock options on a subsidiary to deplete the value of the ESOP for the benefit of the former owners of the S Corporation or important personnel.

According to section 409(p) and the final regulations, the ruling recognises the interests in the associated corporation, including stock options, as synthetic equity. As a result, excise taxes may be applicable and the holders of those interests may be liable to considered distributions under the terms of section 409(p).

According to the verdict, these kinds of transactions—as well as those that are essentially similar—are classified as "listed transactions" for the purposes of the tax shelter laws. Specifically, the ruling states, "Any transaction in which (i) at least 50 percent of the outstanding shares of an S corporation are employer securities held by an ESOP, (ii) the profits of the S corporation generated by the business activities of a specific individual are accumulated and held for the benefit of that individual in a QSUB or similar entity (such as a limited liability company), (iii) these profits are not paid to the individual as compensation within 2½ months after the end of the year in which earned, and (iv) the individual has rights to acquire shares of stock (or similar interests) of the QSUB or similar entity representing 50 percent or more of the fair market value of the stock of such QSUB or similar entity." For this reason, an individual's rights are ascertained after considering section 409(p)'s attribution standards. These agreements are designated as "listed transactions" with regard to the S corporation and each person that the revenue ruling disqualifies.

The Treasury Department and the IRS issued a ruling to shut down abusive transactions involving "S corporation ESOPs." (01/23/2004)

S Corporation ESOP Abuse of Delayed Effective Date for Section 409(p)

Rev. Rul. 2003-6PDF was released by the Treasury Department and the IRS to track down transactions in which promoters attempted to use Employee Stock Ownership Plans (ESOPs) established prior to the application of section 409(p) of the Internal Revenue Code (IRC) to escape the effective date of the provision. According to the decision, these and transactions that are essentially similar are classified as "listed transactions" for the purposes of the tax shelter laws.

No part of the plan's assets attributable to employer S corporation shares may grow for the benefit of any disqualified individual during a nonallocation year, according to IRC section 409(p) of the Code. IRC § 409(p) restricts S businesses' ability to create ESOPs to those that benefit both previous owners and highly compensated employees in addition to providing wide-ranging employee coverage.

These rules generally apply to ESOPs for S corporations created after March 14, 2001. By December 31, 2004, S corporation ESOPs that were created on March 14, 2001, or earlier, have to be in compliance with the legislation. Promoters advertised ESOPs arrangements that qualified for the postponed implementation date of section 409(p) by holding employer securities of S corporations.

This decision explains an ESOP for a S corporation that is subject to section 409(p) nonallocation requirements and is not eligible for the delayed effective date. A presumed distribution of the stock allotted to the taxpayer's account and income with respect to that account is given to any taxpayer who is disqualified with regard to the S company ESOP. Additionally, any nonallocation year is subject to excise taxes under IRC section 4979A. 

S Corporation Tax Shelter

Notification 2004-30PDF discusses a particular kind of transaction when owners attempt to donate their nonvoting S corporation stock to a tax-exempt organisation in order to shift the income tax that the S corporation owes, while still maintaining the financial advantages associated with the stock.

Typically, a S corporation issues non-voting stock and warrants equally to each of its shareholders (the original shareholders), with assistance from a qualified retirement plan maintained by a state or local government (or other exempt organisation under section 501(a)).  The S corporation, for instance, issues warrants in a ratio of 10 warrants for every share of nonvoting stock and nine shares of nonvoting stock for every share of voting stock. Therefore, in the event that the S company has 1,000 shares of voting stock outstanding, it would grant the original shareholders warrants convertible into 90,000 shares of nonvoting stock in addition to 9,000 shares of nonvoting stock. Over a number of years, the warrants may be executed whenever they choose. The warrants' strike price is at least 90% of the nonvoting stock's stated worth, with the warrants' existence significantly lowering the nonvoting stock's fair market value (FMV).

The nonvoting stock is then donated to the exempt organisation (EO) by the original shareholders. The parties assert that the EO now owns 90% of the S corporation's equity following the donation of the nonvoting stock. The parties further assert that the EO has offsetting UBIT net operational losses, or that any taxable income allocated on the nonvoting shares to the EO is exempt from tax on unrelated business income (UBIT) under sections 511 through 514. In accordance with one or more repurchase agreements signed during the transaction, the EO may demand that the original shareholders or the S corporation pay the full face value of the EO's nonvoting stock on the day the shares are repurchased. The founding shareholders have the authority to decide the size and timing of any distributions made with regard to the voting and nonvoting shares since they hold all of the voting stock of the S company. While the EO is the owner of the nonvoting stock, the original shareholders may utilise this authority to direct the S company to restrict or halt dividends to shareholders. But for tax reasons, ninety percent of the S corporation's income is attributed to the EO during that time. The EO will receive a share of the overall economic advantage of owning shares, which is significantly less than the portion of S corporation profits allotted to the EO, due to the repurchase agreements.

Management Company S Corporation ESOPs

An Employee Stock Ownership Plan (ESOP) fully owned S Corporation is involved in a scheme that the IRS has discovered. The purpose of this arrangement is to assist a separate operational business in avoiding paying income taxes. Typically, an arrangement goes like this:

  • Owner of an operating business creates an S corporation.
  • A fee-sharing arrangement is established between the operating business and the S corporation for the delivery of specific services (usually administrative services).
  • The S corporation adopts an ESOP, and the ESOP becomes the sole shareholder of the S corporation.
  • The owner of the running company is nominated as a trustee for the ESOP and as an officer of the S corporation.
  • Lastly, the operating business, the operating business's owners, or both receive a loan from the S corporation.

The taxpayers engaged in these arrangements contend that the income of the S corporation is passed through to the sole shareholder, the ESOP, and that the running firm is entitled to deduct the payments it makes to the S corporation for administrative services. They also contend that the fees paid to the S company for administrative services are tax-free as an ESOP is exempt from income tax (or unrelated business income tax) on the money it receives from the S corporation.

The IRS disagrees with the taxpayers' description of this agreement, though. According to findings by the IRS, numerous of these agreements:

  • The operating business is not allowed to deduct the fees from the administrative services fee agreement with the S corporation, and the arrangement lacks economic substance.
  • Loans from the S company to the operating business or its shareholders are not legitimate loans, and the beneficiary of the payments is subject to income tax.
  • According to Internal Revenue Code Section 401(a), the ESOP is not a qualified plan since it does not meet a number of standards.

IRC Section 1361(c)(6) states that an ESOP becomes a taxable trust and loses its eligibility as a shareholder in the S corporation when it does not meet the conditions to be a qualified plan. Additionally, the S corporation in this arrangement gets taxable as a C corporation and loses its S corporation classification..

401(k) Accelerated Deductions

The IRS has identified 401(k) accelerated deductions (deductions for contributions of an employer to an employee's trust or annuity plan and compensation under a deferred payment plan) as listed transactions. The following revenue rulings discuss this issue.

Where the contributions are attributable to compensation earned by plan participants after the end of the taxable year, taxpayers have sought to deduct contributions to qualified cash or deferred arrangements (Section 401(k) plans) or matching contributions using the grace period provided by Section 404(a)(6). Section 404(a)(6) provides that plan contributions may be deemed to have been made on the last day of the preceding taxable year if made "on account of" such taxable year and if made not later than the time prescribed by law for filing the return for such taxable year (including extensions).

Revenue Ruling 90-105PDF According to this revenue rule, remuneration cannot be withheld and given to a plan as elective deferrals until the underlying compensation has been earned. Likewise, matching contributions cannot be paid to a plan in relation to such elective deferrals. This judgement is applicable regardless of whether the employer utilises the cash or accrual method of accounting, or whether section 404(a)(6) considers the contributions to have been paid on the last day of the taxable year..

Revenue Ruling 2002-46PDF With two exceptions: (1) the plan was amended to allow the employer's Board of Directors to set a minimum contribution for a plan year that would be allocated first towards matching contributions and elective contributions; and (2) the Board of Directors adopted such a resolution prior to the end of the employer's taxable year. The transaction detailed in this revenue ruling is the same as the transaction in Revenue Ruling 90-105.. This revenue ruling provides that these factual differences from Revenue Ruling 90-105 do not change the result.

Revenue Ruling 2002-73PDF For taxpayers who choose to adjust their accounting technique in order to comply with Revenue Ruling 2002-46, this revenue ruling changes that revenue ruling..

Certain Trust Arrangements Seeking to Qualify for Exemption from Section 419

Notice 95-34PDF explains the tax issues brought up by specific trust arrangements that are trying to get out from under IRC section 419. In this transaction, donations to many employer welfare benefit programmes are being claimed as deductions under IRC sections 419 and 419A. Contributions to a welfare benefit fund may generally be deducted by an employer when they are paid, but only if they meet the requirements of being considered regular and necessary business expenses of the employer, and only to the degree permitted under IRC sections 419 and 419A. The maximum amount of tax-deductible pre-funding that can be contributed to a welfare benefit fund is strictly limited.

Welfare benefit funds that are a part of employer plans with ten or more employees are exempt from IRC sections 419 and 419A under IRC section 419A(f)(6). Generally speaking, in order for this exemption to be applicable, an employer's contribution must exceed 10% of the total amount made by all employers under the plan, and the plan cannot be experience rated in relation to specific employers.

In order to offer severance pay, disability insurance, and life insurance benefits, promoters have put up trust structures. The promoters use the exemption from the limitations under IRC sections 419 and 419A for employers with ten or more employees to enrol at least ten employers in their multiple employer trusts and assert that all employer contributions are tax deductible when made. The assets owing to the payments made by each subscribing employer are frequently kept separate by the trusts.

Taxpayers are notified by Notice 95-34 that deductions for contributions to these plans are not permitted for a number of reasons (e.g., the plans may offer deferred compensation, be distinct plans for every employer, be experience-rated in form or operation, or the contributions may be nondeductible prepaid expenses).

The Federal Register (68 FR 42254) published the final regulations (T.D. 9079PDF) on July 17, 2003, concerning the question of whether a welfare benefit fund is a part of a plan with ten or more employers (as that term is defined in section 419A(f)(6) of the Internal Revenue Code)..

Furthermore, the owners of the corporate employers were required to pay taxes on the plan contributions as constructive dividends in a decision ruled by the Third Circuit Court of Appeals (Neonatology Associates, P.A., Et Al. v. Commissioner, 299 F.3rd 221 - 3rd Cir. 2002PDF)..

Abusive Roth IRA Transactions

The Treasury Department and the Internal Revenue Service are aware of a specific kind of transaction that taxpayers are employing in order to get around the restrictions on Roth IRA contributions. Notice 2004-8PDF applies to abuses involving indirect contributions to Roth IRAs. The notice addresses situations where value is shifted into an individual's Roth IRA through transactions involving businesses owned by the individual. For instance, a company controlled by the individual may sell its receivables to a shell company held by the individual's Roth IRA for less than fair value. This is recognised as a covert donation to the Roth IRA. According to the notification, the IRS may also claim that these are "prohibited transactions" in accordance with the Code's regulations, disqualifying the IRA and subjecting transactions involving the IRA and specific disqualified individuals to an excise tax. "Arrangements in which an individual, related persons described in section 267(b) or 707(b), or a business controlled by such individual or related persons, engage in one or more transactions with a corporation, including contributions of property to such corporation, whereby a substantial portion of the corporation's stock is owned by one or more Roth IRAs maintained for the benefit of the individual, related persons described in section 267(b)(1), or both," is what is specifically stated in the notice. The stated transactions pertain to the individuals who have their Roth IRAs maintained, the business involved in the transaction (if it's not a sole proprietorship), and the corporation whose stock is mostly owned by the Roth IRAs." Additional advice on transactions that are substantially comparable is also included in the notice.

Prohibited Tax Shelter Transaction Excise Taxes for Tax-Exempt Entities and Related Disclosure Requirements

Notice 2006-65PDF A tax-exempt company that participates in certain potentially abusive tax shelter transactions may be subject to new excise taxes and transparency requirements under the Tax Increase Prevention and Reconciliation Act of 2005 ("TIPRA"), which went into effect on May 17, 2006. Charities, churches, state and local governments, Indian tribal governments, qualified pension plans, individual retirement accounts, and other tax-favored savings programmes are just a few of the organisations that might be impacted by the new regulations. If any of these entities are involved in an illegal tax shelter transaction, the management of these entities, as well as the entities themselves in certain situations, may be liable to excise taxes.

Substantially Similar Transactions

It should be noted that any transaction that is substantially similar to the one detailed in the published guidance qualifies as an abusive transaction, as stated in each of the warnings and revenue decisions mentioned above. For instance, whether the abuse occurs in an individual IRA, a designated Roth account housed in a qualified plan, or a section 403(b) contract, it is still considered a listed transaction under Rev. Rul. 2004-8 (abuse of Roth accounts).

How Abusive Transactions Impact Availability of EPCRS

According to Rev. Proc. 2019-19, Section 4.12, the Employee Plans Compliance Resolution System (EPCRS) will not offer the Self-Correction Programme (SCP) or the Voluntary Correction Programme (VCP) if:

  • An abusive tax avoidance transaction (ATAT) has involved the plan or its sponsor, and
  • The ATAT is either directly or indirectly related to the failure that is being fixed.

Any transaction mentioned under Section 1.6011-4(b)(2) and any other transaction designated as abusive on the EP Abusive Tax Transactions page are considered ATATs for the purposes of SCP and VCP.

If the plan or plan sponsor has been a party to an ATAT, the Audit Closing Agreement Programme and SCP might not be available for a plan that is being assessed under Section 5.08. For this purpose, any of the aforementioned transactions as well as any other transactions that the IRS discovers were done with the intention of avoiding taxes are deemed ATATs.

Report an Abusive Transaction Involving a Retirement Plan

Employee Plans keeps an Abusive Transaction Hotline available for people to use to report information about abusive tax shelters and new concerns that could be abusive in retirement plans, in an anonymous manner if desired.

Additional Resources

IRS Corporate Abusive Tax Transactions: A list of transactions that include citations to relevant publications, rules, court decisions, and other guidance.

S Corporation ESOP Guidance: Helpful information and guidelines to help you identify potential problems with S Corporation ESOPs.

IRS and the Treasury Issue Section 409(p) Final Rules - Under Section 409(p), the Treasury Department and IRS released the final regulations. In general, accruals or allocations under an employee stock ownership plan (ESOP) that holds S corporation stock are prohibited by this section of the tax law if the ownership interest in the ESOP or in the rights to acquire the corporation are concentrated among 10% of owners to the extent that they own 50% or more of the interests in the corporation.

Abusive transaction involving an exempt organization

For-profit companies occasionally employ exempt organisations as accomodation parties in abusive tax avoidance deals.

To report these schemes using Form 13909, Tax-Exempt Organisation Complaint (Referral) Form, visit the Exempt Organisation Abusive Tax Avoidance Transactions website.

Abusive tax shelters and transactions

Information on abusive tax shelters can be reported anonymously, if desired, by calling the IRS's abusive tax shelter hotline. The primary focus of the Office of Tax Shelter Analysis is potentially abusive transactions that could be utilised by several taxpayers and present a substantial risk to IRS compliance..

How Do You Report Suspected Tax Fraud Activity?

Online reporting is available if you suspect someone or a company committing tax fraud.

Report Suspected Tax Law Violations

If you believe a person or company is not abiding by the tax regulations, use Form 3949-A, Information Referral. Form 3949-A is available for online or mail submission. We do not accept phone referrals for tax law violations. When you report tax fraud, we promise to keep your identity private. A status or progress report will not be sent to you because IRC 6103 requires tax returns to be kept confidential.

Tax fraud includes:

  • False exemptions or deductions
  • Kickbacks
  • A false or altered document
  • Failure to pay tax
  • Unreported income
  • Organized crime
  • Failure to withhold
  • Failure to follow the tax laws


To claim a reward for information about tax fraud, use Form 211, Application for Award for Original InformationPDF.

Report Identity Theft

If you believe someone has stolen your identity and is using your Social Security number to apply for jobs or file taxes, go to Identity Theft Central. Visit the Taxpayer Guide to Identity Theft as well.

Identity theft connected to taxes occurs when someone obtains your personal data in order to perpetrate tax fraud. If your Social Security number is used to submit a bogus return, get a refund, or get credit, it may have an impact on your taxes.

Information for Individuals

Recognise the warning signs of identity theft, act if you've been a victim, and safeguard your identity and data..

Taxpayer guide to identity theft

Keep your identity safe

You can now log in with your username, password, plus a third personal item, such as a phone number, if you file your taxes online. You can protect your identity and data by using all three..

Tax-related identity theft occurs when someone uses your stolen personal information, including your Social Security number, to file a tax return claiming a fraudulent refund.

If you suspect you are a victim of identity theft, continue to pay your taxes and file your tax return, even if you must file a paper return.

Know the signs of identity theft

You may not know you’re a victim of identity theft until you’re notified by the IRS of a possible issue with your return.

Be alert to possible tax-related identity theft if:

  • You get a letter from the IRS inquiring about a suspicious tax return that you did not file.
  • You can’t e-file your tax return because of a duplicate Social Security number.
  • You get a tax transcript in the mail that you did not request.
  • You get an IRS notice that an online account has been created in your name.
  • You get an IRS notice that your existing online account has been accessed or disabled when you took no action.
  • You get an IRS notice that you owe additional tax or refund offset, or that you have had collection actions taken against you for a year you did not file a tax return.
  • IRS records indicate you received wages or other income from an employer you didn’t work for.
  • You’ve been assigned an Employer Identification Number, but you did not request an EIN.

Take action if you are a victim

There are steps you can take if your Social Security number or other personal information is compromised.

Use tab to go to the next focusable element

If your Social Security number is compromised and you know or suspect you are a victim of tax-related identity theft, the IRS recommends these actions:

  • Respond immediately to any IRS notice: Call the number provided.
  • If your e-filed return is rejected because of a duplicate filing under your Social Security number, or if the IRS instructs you to do so, complete Form 14039, Identity Theft AffidavitPDF, attach it to the back of your completed paper tax return and mail to the IRS location based upon the state you reside. If you prefer, you have the option to submit the Form 14039 online and mail your paper return separately.
  • Visit for steps you should take right away to protect yourself and your financial accounts.

See Identity Theft Victim Assistance: How It Works for more information about how the IRS can help you.

If you previously contacted the IRS and did not have a resolution, contact us for specialized assistance at 800-908-4490. We have teams standing by to help you.

Fraudulent returns

If you believe someone has filed a fraudulent return in your name, you can get a copy of the return. See Instructions for Requesting a Copy of Fraudulent Returns.

Instructions for Requesting Copy of Fraudulent Returns

We know that identity theft is a frustrating process for victims, and we are taking aggressive steps to stop fraudulent returns before they are processed. We understand victims want to know more about the information used on the fraudulent returns using their Social Security number (SSN).

A victim of identity theft or a person authorized to obtain the identity theft victim’s tax information may request a masked (one with some information blacked out) tax return transcript of the fraudulent return that was filed and accepted by the IRS using the identity theft victim’s name and SSN. Due to federal privacy laws, the victim’s name and SSN must be listed as either the primary or secondary taxpayer on the fraudulent return; otherwise, the IRS cannot disclose the return information. For this reason, the IRS cannot disclose return information to any person listed only as a dependent.

Partial or full masking will protect additional possible victims on the return. However, there will be enough data for you to determine how your personal information was used. You will receive a masked tax return transcript of the fraudulent tax return filed using your SSN.

To make the request, you will need to complete a Form 4506-F, Request for a Copy of a Fraudulent Tax ReturnPDF, and choose one method (below) of submitting this form, either by mail or fax, not both.

  • Submitting by Mail

Department of the Treasury
Internal Revenue Service
Fresno, CA 93725

  • Submitting by FAX

Include a cover sheet marked ‘Confidential’
FAX this form toll-free to: 855-807-5720

The IRS may return your request if it is made in a manner other than described in these instructions.

Note: For requests being sent using a Private Delivery Service ship to:

Internal Revenue Service
3211 S Northpointe Drive
Fresno, CA 93725
"Identity Theft - Request for Fraudulent Return"

Required information for a request by the identity theft victim

If you are the person whose name and SSN was used to file a fraudulent tax return, a Form 4506-F must be completed and must contain the following information:

  • Your name and SSN.
  • Your mailing address.
  • Tax year(s) of the fraudulent return(s) you are requesting.
  • Your signature.

Required information for a request by a person authorized to obtain the identity theft victim’s tax information

If you are authorized to obtain the identity theft victim’s tax information, the Form 4506-F must contain the following information:

  • Your name and tax identification number (usually your SSN).
  • Your relationship to the victim of identity theft (for example, parent, legal guardian, or authorized representative)
  • Your mailing address.
  • Centralized authorization file (CAF) number if you were assigned one by the IRS for an authorization that is on file with the IRS covering the requested tax year(s).
  • Tax year(s) of the fraudulent return(s) you are requesting.
  • The taxpayer’s name and SSN.
  • The taxpayer’s mailing address.
  • Your signature.

Your Form 4506-F must be accompanied by a copy of your documents demonstrating your authority to receive the requested tax return information (for example, Form 2848, Form 8821, or a court order) unless:

  • You are requesting return information of your minor child as a parent or legal guardian.
  • Your authority to obtain return information for the requested tax year(s) is on file with the IRS and you are providing your CAF number. FAQs

How long will it take to get the copy of the fraudulent return?

The time required to fulfill your request will depend on several factors. One factor is whether there are any open, unresolved issues with a tax return for a tax year requested. These are very complex cases, and we will need to resolve the underlying identity theft case before we can provide the return. The IRS will acknowledge your request within 30 days of receipt and most fraudulent return requests are resolved in 120 days or less, but due to extenuating circumstances caused by the pandemic our identity theft inventories have increased dramatically and on average it is taking us 430 days to process these requests. You will receive follow-up correspondence providing status updates. The IRS takes identity theft seriously and is committed to resolving requests as quickly as possible and is taking steps to reduce this timeframe.

Why is some information on the return masked/redacted?

The IRS may disclose return information from a fraudulent return to a person whose name and SSN are listed as the primary or secondary taxpayer when the disclosure does not seriously impair Federal tax administration. Although some information will be masked or partially masked, the remaining information will allow you to determine what information the identity thief may have about you and your family. 

Why can’t I request a copy of a fraudulent return that lists me or my child as a dependent?

Due to federal privacy laws, the IRS cannot disclose information to a person who is listed on a fraudulently filed tax return unless that person’s name and SSN is listed as the primary or secondary taxpayer on the return.

I received a letter returning my request because it was for a business. Why is the IRS returning requests for business returns?

At this time, you can only request a copy of a fraudulent tax return filed using Forms 1040, 1040-NR, 1040-NR-EZ, or 1040-SR.

I received a letter returning my request because my address didn’t match IRS records. What do I need to do?

We will reject a request if the address you listed in the request does not match your IRS address of record. If you have recently moved and did not file a Form 8822, Change of Address, with the IRS, you will need to file this to change your address of record. You can resubmit your request for a copy of the fraudulent return after the IRS processes your address change.

How many tax years can I request?

You can request copies of fraudulent returns for the current tax year and previous six tax years.

I attempted to e-file my return and it was rejected because someone already filed using my SSN. Can I request this information now?

You may make a request at any time, but we must resolve the identity theft case before we can share the return. If you have just found you are a victim, please see our Taxpayer Guide to Identity Theft for the best steps to take to resolve your case.

Dependents If you e-file your tax return and get a message telling you that a dependent on your return has been claimed on another tax return or their own, or if you receive an IRS Notice CP87A, you’ll need to find out why someone else claimed your dependent. Learn more at What to Do When Someone Fraudulently Claims Your Dependent.

What To Do When Someone Fraudulently Claims Your Dependent

 If you e-file your tax return and get a message telling you that a dependent on your return has been claimed on another tax return or on their own tax return, or if you receive an IRS Notice CP87A, you’ll need to verify you entered the correct information for the dependent(s) you claimed.

Did you enter your dependent’s information correctly?

If so, you need to know the IRS is prohibited from telling you who claimed your dependent(s).   Due to federal privacy laws, the IRS can only disclose the return information if the victim’s name and SSN are listed as either the primary or secondary taxpayer on the fraudulent return. For this reason, the IRS cannot disclose return information to any person listed only as a dependent.

If you don’t know anyone who could have claimed the dependent, your dependent may be a victim of identity theft. See The Taxpayer's Guide to Identity Theft for steps you may take if you feel you or your dependent’s identity has been stolen.

Using the Interactive Tax Assistant on, verify you meet the requirements to claim the dependent(s). Once you verify another person was not eligible to claim your dependent(s), you’ll need to take steps to protect your right to claim the dependent(s) and ensure an accurate filing.

Three primary steps to Claim your Dependent

If you confirmed you are eligible to claim the dependent(s), take the following steps:

  1. File a paper return
    • Prepare paper tax return.
    • Claim your dependent(s).
    • Mail the completed tax return to the IRS.

  2. Your refund will be delayed while we investigate your case. Paper tax returns can take up to six to eight weeks for us to process.
  3. You need to prove you’re entitled to claim the dependent
    • This (Form 886-H-DEPPDF) provides a comprehensive list of supporting documentation to assist in resolving your case. Secure copies of birth certificates, proof of identity and documents that show your dependent lived with you at the same address for more than half of the calendar year.
    • Recordation such as school, medical, daycare, or social service records on official letterhead from a school, medical provider, social service agency, or place of worship that shows names, common address and dates.
    • If you receive a CP75A Notice, it means we're investigating the information you’ve provided and need additional documentation to verify the dependent exemption(s) and filing status you claimed on your tax return.
  4. Answer when the IRS contacts you About two months after you file a paper return, we’ll begin to determine who’s entitled to claim the dependent.
    You may receive a letter (CP87A) from us, stating your child was claimed on another return. It will explain what to do, either file an amended return or do nothing.
    The other person who claimed the dependent will get the same letter. If one of you do not file an amended return that removes the child-related benefits, then you may be audited by us to determine who can claim the dependent.
    In that case, you’ll get a letter in a few months to begin the audit. In the audit, we’ll require you to provide proof that you’re entitled to claim the dependent. Be sure to reply completely and by the response deadline. After we decide the issue, we’ll assess any additional taxes, penalties, and interest on the person who incorrectly claimed the dependent.
    You should discuss with concerned family members, the claiming of children before a situation like this arises.

Learn more about dependents and know your options and rights in Publication 501.

Data breach

Not all data breaches or computer hacks result in tax-related identity theft. It’s important to know what type of personal information was stolen.

If you’ve been a victim of a data breach, keep in touch with the company to learn what it is doing to protect you and follow the “Steps for victims of identity theft.” Data breach victims have the option to submit a Form 14039, Identity Theft Affidavit online, or by completing the fillable Form 14039PDF, printing and then mailing or faxing the form to the IRS.  Choose one option and submit the form if your Social Security number has been compromised and your e-filed return was rejected as a duplicate or the IRS instructs you to file the form.

Employment-related identity theft

If you believe someone has been using your Social Security number for employment purposes (as opposed to filing fraudulent tax returns for refunds in your name) see our Guide to employment-related identity theft.

Assigned an EIN not requested

If you've been assigned an Employer Identification Number (EIN) that you didn't request, you should first determine if someone acted legitimately on your behalf.

It's important for you to determine why the EIN was assigned to you before assuming you're a victim of identity theft. A third party may have requested an EIN on your behalf for a legitimate business purpose. What to do if you’re assigned an Employer Identification Number (EIN) you did not request.

Protect your data and identity

Your computer and mobile phone

The IRS, state tax agencies and the tax industry need your help to fight back against identity thieves. See Taxes. Security. Together.

Some tips:

  • Use security software and make sure it updates automatically; essential tools include virus/malware protection and a firewall.
  • Use encryption programs to protect sensitive digital data.
  • Treat your personal information like cash; don’t leave it lying around.
  • Use strong, unique passwords; consider a password manager.
  • Use multi-factor authentication when it's offered.
  • Give personal and financial information only over encrypted websites; look for “https” addresses.
  • Back up your files.

Phishing emails and scams

Identity thieves use phishing emails to trick users into giving up passwords and other information. Don’t take the bait. There are several tips the Federal Trade Commission provides that you can follow to avoid phishing scams, such as not responding to e-mails that ask for personal or financial information. Share this information with family and friends.

Please report IRS, Treasury and/or tax-related suspicious online or emailed phishing scams to For more information, please see Report Phishing.

Please report IRS impersonation scams - especially if you are a victim - to the Treasury Inspector General for Tax Administration’s IRS Impersonation Scams Reporting.

You can report other suspicious online or emailing phishing scams to


Create strong passwords that follow these simple guidelines:

  • Use long phrases that you can remember, combined with characters and numbers.
    • Example: SomethingYouCanRemember@30.
  • Use a different password for each account and use a password manager.
  • When possible, don’t use your email address as your login ID.
  • Use two-factor authentication whenever it’s offered. This is particularly important for protecting your email, financial and social media accounts.

Multi-factor authentication

If you do your own taxes using an online provider, you have the option of using multi-factor authentication as another layer of protection. The IRS strongly encourages the use of this option. It helps prevent identity thieves from accessing your online account with your tax provider.

Generally, a multi-factor authentication option allows the user to receive a security code, for example, as a text to a mobile phone. When you return to use the product, you must enter your username, password and the security code to complete the login process.

Most financial institutions, social media and email providers also offer multi-factor authentication options. People should opt for multi-factor authentication wherever it is offered.

IRS Identity Protection PINs

All taxpayers who can verify their identities are eligible for an Identity Protection PIN. The IP PIN is a 6-digit PIN that offers additional protections for your Social Security number on your tax return.

To obtain an IP PIN, use the Get an IP PIN tool to opt into the program. If you already have an IRS account, enter your username and password. If not, you must pass an identity verification process to create an account and request an IP PIN. 

For details on the IP PIN and alternatives for those who cannot authenticate online, see Get an IP PIN.

How we help

The IRS, state tax agencies and the tax industry work in coordination as the Security Summit to protect taxpayer data. Our program includes safeguards that identify suspicious returns.

We never:

  • Initiate contact with taxpayers by email, text or social media to request personal or financial information
  • Call taxpayers with threats of lawsuits or arrests
  • Call, email, or text to request taxpayers’ Identity Protection PINs

Unemployment Benefits

What to do if your name was used to claim unemployment benefits you did not receive.

Identity theft and unemployment benefits

States have experienced a surge in fraudulent unemployment claims filed by organized crime rings using stolen identities. Criminals are using these stolen identities to fraudulently collect benefits across multiple states.

Because unemployment benefits are taxable income, states issue Form 1099-G, Certain Government Payments, to recipients and to the IRS to report the amount of taxable compensation received and any withholding. Box 1 on the form shows "Unemployment Compensation." You should report fraud to the issuing state agency and request a corrected Form 1099-G.

For details on how to report fraud to state workforce agencies, how to obtain a corrected Form 1099-G, a list of state contacts and other steps you should take if you are a victim, see the U.S. Department of Labor’s page. Please follow Department of Labor guidance on reporting fraud and protecting yourself from additional scams.

You may be a victim of unemployment identity theft if you received:

  • Mail from a government agency about an unemployment claim or payment and you did not recently file for unemployment benefits. This includes unexpected payments or debit cards and could be from any state.
  • An IRS Form 1099-G reflecting unemployment benefits you weren't expecting. Box 1 on this form may show unemployment benefits you did not receive or an amount that exceeds your records for the unemployment benefits you did receive. The form itself may be from a state in which you did not file for benefits.
  • While you are still employed, a notice from your employer indicating that your employer received a request for information about an unemployment claim in your name.

IRS information for taxpayers

When you file your income taxes, ONLY include income you received, even if you have not yet received a corrected 1099-G from the state.

  • The processing of your tax return should not be delayed while your report of unemployment identity theft is under investigation.
  • Do not report the incorrect 1099-G income on your tax return.
  • The American Rescue Plan of 2021 provides for a one-time exemption of $10,200 per person in unemployment benefits to individuals and couples who earned $150,000 or less in 2020. If you have already filed your taxes, do not file an amended return. See tax treatment of 2020 unemployment compensation for more information.
  • There is no requirement to file a Form 14039, Identity Theft Affidavit. A Form 14039 should be filed only if the taxpayers' e-filed tax return is rejected because a duplicate return with their Social Security number is already on file or if the IRS instructs them to file a Form 14039.
  • Taxpayers who were victims of an unemployment benefits identity theft scheme should consider opting into the IRS Identity Protection PIN program. An IP PIN is a six-digit number that helps prevent thieves from filing federal tax returns in the names of identity theft victims. The IP PIN is a voluntary program open to any taxpayer who can verify his or her identity. See details at Get an IP PIN.

IRS information for employers

Employers are often the first line of defense against unemployment fraud. Employers should:

  • Respond quickly to state notices that its employees have filed for unemployment claims, especially if the names on the notices are not employees;
  • Be alert to misuse of the IRS-issued Employer Identification Number that fraudsters may use to file jobless claims;
  • File a Form 14039-B, Business Identity Theft AffidavitPDF, if the company’s EIN is being used to generate fraudulent unemployment benefit claims.
  • Write to the IRS to close out the business tax account if the company is going out of business; this will help curtail the misuse of dormant EINs.

Justice Department warns on fake unemployment benefit websites

The Department of Justice recently warned that fraudsters are creating websites mimicking unemployment benefit websites, including state workforce agency (SWA) websites, for the purpose of unlawfully capturing consumers’ personal information.

To lure consumers to these fake websites, fraudsters send spam text messages and emails purporting to be from an SWA and containing a link. The fake websites are designed to trick consumers into thinking they are applying for unemployment benefits and disclosing personally identifiable information and other sensitive data. That information can then be used by fraudsters to commit identity theft.

Help stop these scams by reporting them and using the list of state contacts at

Taxes. Security. Together. We all have a role to play in protecting your data

We need your help.

The IRS, state tax agencies and the tax industry, working together as the Security Summit, have made significant progress in the fight against tax-related identity theft. Since 2015, the partnership has taken numerous steps to better protect your data. Despite these successes, identity theft remains a threat. There is much work to do, but we can't do it alone.

We are asking you - taxpayers, tax professionals and businesses - to join with us to create an even stronger partnership. Our "Taxes. Security. Together" awareness campaign is an effort to better inform you about the actions you can take to protect your sensitive data.

Events and campaigns

National Tax Security Awareness Week 2023

Working together as the Security Summit, the IRS, state tax agencies and the nation's tax industry joined together for the 8th Annual National Tax Security Awareness Week on November 27-December 1, to urge increased security measures to protect against tax-related identity theft and scams.

The week is highlighted by a week-long series of educational materials to help protect individuals, tax professionals and businesses from identity theft. In addition, tax professionals are encouraged to register and attend a November 30 webinar titled Developing a Written Security Information Plan.

Protect Your Clients; Protect Yourself — Summer 2023

The Internal Revenue Service and the Security Summit partners remind tax professionals to stay alert against new and ongoing threats of tax-related identity theft this summer.

In its eighth year, the "Protect Your Clients; Protect Yourself — Summer 2023" campaign focuses on raising awareness among tax professionals about the importance of maintaining strong security. This can help protect sensitive taxpayer data that tax professionals have while also protecting their business from identity thieves.

Tax professionals are prime targets of criminal syndicates that are both tech- and tax-savvy and well-funded. These scammers either trick or hack their way into tax professionals' computer systems to access client data. Even when tax pros think they have client data stored in a secure cloud, lack of strong authentication can make this information vulnerable.

Thieves can use stolen data to file fraudulent tax returns. This makes it more difficult for the IRS and the states to detect because the fraudulent returns use real financial information. Other data thieves sell the basic tax preparer or taxpayer information on the web so other fraudsters can try filing fraudulent tax returns. Prior years campaigns:

Security Summit

The Security Summit is a unique public-private partnership formed in 2015 to protect taxpayers and the tax system against identity theft refund fraud.

The Security SummitPDF consists of IRS, state tax agencies and the tax community, including tax preparation firms, software developers, payroll and tax financial product processors, tax professional organizations and financial institutions. Total membership includes 42 state agencies and 24 industry offices in addition to the IRS.

The Security Summit members are organized into six work groups, each tasked with addressing an area of need and each with a co-lead from the IRS, states and industry.

Identity theft tax refund fraud - Information Sharing and Analysis Center (ISAC)

In 2016, Security Summit partners agreed there was a need for a formal public-private partnership where sharing could take place in a collaborative environment based on partner-agreed rules.

In 2017, the IRS, state tax agencies and the tax industry created a public/private partnership, to facilitate information sharing consistent with applicable law, and analytics necessary to detect, prevent, and deter activities related to stolen identity refund fraud.

The ISAC purpose is to:

  • Facilitate information exchange for tax administration purposes related to identity theft tax refund fraud.
  • Provide a forum for participants to discuss real-time responses to such fraud schemes.
  • Promote the advancement of data analysis, capabilities, methodologies and strategies to detect, reduce, and prevent this type of fraud.

The ISAC issued its first Annual Report in April 2018. It highlights key accomplishments across three measures:

  1. Levels of industry and state participation in the ISAC.
  2. Volume and quality of alert and data contributions that identify ecosystem threats.
  3. Volume and quality of ISAC data analysis to identify suspected fraud.

This report also outlines the ISAC strategic plans going forward, to ensure a tax ecosystem where taxpayers can confidently file their taxes safely and securely.

For an overview of what the Identity Theft Tax Refund Fraud (ISAC) is doing to prevent identity theft see Using a Public-Private Partnership to Address a Common ProblemPDF and How the ISAC Compliments the Security SummitPDF.

ISAC annual reports

2023 National Tax Security Awareness Week

The IRS, state tax agencies and the nation's tax industry held the 8th Annual National Tax Security Awareness Week on November 27–December 1, focusing attention on taxpayers protecting sensitive financial information against identity thieves.

Previous years

Awareness campaigns

  • Protect Your Clients; Protect Yourself – Summer 2023 — Protect Your Clients; Protect Yourself focuses on a reminder for tax pros to focus on fundamentals and to stay alert against new and ongoing threats of tax-related identity theft this summer.
  • Boost Security Immunity: Fight Against Identity Theft — Boost Security Immunity: Fight Against Identity Theft will urge tax professionals to take basic actions to stem the data theft from their offices. This is the sixth year that the Security Summit partners – the IRS, state tax agencies and the nation’s tax community – have worked to raise awareness about these issues.
  • Working Virtually: Protecting Tax Data at Home and at Work — Working Virtually: Protecting Tax Data at Home and at Work is a Security Summit awareness campaign to highlight security actions key to protecting tax professionals as they respond to COVID-19 while working remotely from their office and clients.
  • Tax Security 2.0 — The "Taxes-Security-Together" Checklist is a Security Summit awareness campaign to call on tax professionals nationwide to take time to review their current security practices, enhance safeguards where necessary and take steps to protect their businesses from global cybercriminal syndicates prowling the Internet.
  • Protect Your Clients; Protect Yourself — Every tax professional in the United States, whether a member of a major accounting firm or an owner of a one-person storefront, is a potential target for highly sophisticated, well-funded and technologically adept cybercriminals around the world.
  • Taxes-Security-Together — We are asking you, taxpayers, tax professionals and businesses, to join with us to create an even stronger partnership. Our "Taxes-Security-Together" awareness campaign is an effort to better inform you about the actions you can take to protect your sensitive data.

Apply to become a member of the Security Summit

Organizations involved in the preparation and processing of tax returns and refunds (such as software firms, tax preparation firms, payroll processors or financial institutions and/or processors of tax time financial products) and governmental tax agencies are welcome to apply for membership in the Security Summit, a collaborative effort to fight identity theft tax refund fraud. If your agency or organization meets the required Membership CriteriaPDF, please complete the Security Summit Membership ApplicationPDF and submit a statement of interest describing your role, mission and functional responsibilities within the tax ecosystem. Also see the Required Criteria and Qualifications Statement of Interest ExamplePDF.

If you have any questions or need additional information, please email

How taxpayers can help

We've listed a few common-sense suggestions that can make a big difference. Also see Publication 4524, Security Awareness for TaxpayersPDF or Publicación 4524SP, Concientización sobre la seguridad para los contribuyentesPDF

A few highlights:

  • Always use security software with firewall and anti-virus protections. Make sure the security software is always turned on and can automatically update. Encrypt sensitive files such as tax records you store on your computer. Use strong, unique passwords for each account.
  • If you do your own taxes online, use your provider's multi-factor authentication option to protect your online account. This multi-factor or 2-factor authentication will help prevent thieves from accessing your online tax account and stealing your information. Multi-factor authentication is now commonly offered to protect other accounts such as social media, email and others. Please use multi-factor authentication wherever it is an option.
  • Learn to recognize and avoid phishing emails, threatening calls and texts from thieves posing as legitimate organizations such as your bank, credit card company and even the IRS. Do not click on links or download attachments from unknown or suspicious emails.
  • Protect your personal data. Don't routinely carry your Social Security card, and make sure your tax records are secure. Shop at reputable online retailers. Treat your personal information like you do your cash; don't leave it lying around.

How tax professionals can help

Tax preparers are critical and valued partners in the tax administration process, and they have an important role to play in helping prevent identity theft.

Tax practitioners should review their own security features. More and more, tax professionals are the targets of identity thieves. See Identity Theft Information for Tax Professionals for basic steps to protecting client data and what to do if targeted by cybercriminals.

Tax preparers can share Publication 4524PDF with clients to help raise awareness about important security steps.

Practitioners also should complete the "know your customer" information fields that may be on the electronic Forms 1040 and Forms 1120 series.

See our Protect Your Clients; Protect Yourself page for information about this campaign and additional security information.

How businesses can help

Business and other organizations, especially trusts, estates and partnerships, should be aware that they too can be victims of identity theft. Criminals may file Forms 1120, 1120S or Schedule K-1 in their names. See Identity Theft Guide for Business, Partnerships and Estate and Trusts for more details.

Businesses and other organizations also can help combat identity theft by helping educate their employees, clients and customers. Businesses can share Publication 4524PDF or create their own messages urging employees, clients or customers to protect their data and beware of phishing emails, the most common tactic used by criminals to steal data.

Business also should educate their payroll and human resources employees about a dangerous phishing scam. The Form W-2 scam tricks payroll and human resources employees into sharing employee wage and income information by posing as a company executive. See Form W-2/SSN Data Theft: Information for Businesses and Payroll Service Providers.

Businesses that retain sensitive financial data also should review and update their security plan. Publication 4557, Safeguarding Taxpayer DataPDF, provides a good place to start and includes helpful recommendations.

Report Other Types of Tax Fraud

Report Suspected Abusive Tax Promotions or Preparers - Form 14242PDF

Abusive tax promotion or avoidance scheme.

Return Preparer Complaint - Form 14157PDF

Fraudulent activity or an abusive tax scheme by a tax return preparer or tax preparation company.

Tax Return Preparer Fraud or Misconduct Affidavit - Form 14157-APDF

Tax return preparer filed a return or altered your return without your consent and you are seeking a change to your account. Send this form in addition to Form 14157.

Tax-Exempt Organization Complaint (Referral) - Form 13909PDF

Misconduct or wrongdoing by an exempt organization or employee plan.

Report Fraudulent IRS Emails and Websites

See Report Phishing and Online Scams to report fraudulent IRS emails or websites.

Report Phishing and Online Scams

The IRS doesn't initiate contact with taxpayers by email, text messages or social media channels to request personal or financial information. This includes requests for PIN numbers, passwords or similar access information for credit cards, banks or other financial accounts.

Use tab to go to the next focusable element

What is phishing?

Phishing is a scam typically carried out through unsolicited email and/or websites that pose as legitimate sites and lure unsuspecting victims to provide personal and financial information.

Report all unsolicited email claiming to be from the IRS or an IRS-related function to If you've experienced any monetary losses due to an IRS-related incident, please report it to the Treasury Inspector General for Tax Administration (TIGTA) and file a complaint with the Federal Trade Commission (FTC) through their Complaint Assistant to make the information available to investigators.

NOTE: Please refer to Contact the IRS if you have a tax question not related to phishing or identity theft.

What to do if you receive a suspicious IRS-related email

If you receive an email claiming to be from the IRS that contains a request for personal information, taxes associated with a large investment, inheritance or lottery.

  1. Don't reply.
  2. Don't open any attachments. They can contain malicious code that may infect your computer or mobile phone.
  3. Don't click on any links. Visit our identity protection page if you clicked on links in a suspicious email or website and entered confidential information.
  4. Forward - preferably with the full email headers - the email as-is to us at Don't forward scanned images because this removes valuable information.
  5. Delete the original email.

What to do if you receive a suspicious IRS-related telephone call

IRS impersonation telephone calls – as well as other types of unwanted calls (e.g., telemarketing robocalls, fake grants, tech support, sweepstakes winnings, etc.) remain popular scams. Blocking these types of calls is one strategy taxpayers should consider. Easy to install call blocking software for smartphones is available. While the IRS does not endorse any solution or brand, a limited sample of the available options are:

If you receive a phone call from someone claiming to be from the IRS but you suspect they are not an IRS employee:

  • View your tax account information online or review their payment options at to see the actual amount owed
  • If the caller is an IRS employee with a legitimate need to contact you, please call them back using the appropriate online resources

If the individual is not an IRS employee and does not have a legitimate need to contact you and regardless of whether you were a victim of the scam or not, report the incident to the appropriate law enforcement agencies:

  • If IRS-related, please report to the Treasury Inspector General for Tax Administration (TIGTA) via their online complaint form.
  • If Treasury-related, please report to the Office of the Treasury Inspector General (TIG) via

Please report IRS or Treasury-related fraudulent calls to (Subject: IRS Phone Scam).

For any fraudulent call, after listening to the message, do not provide any information and hang up. When you report the fraudulent call, please include:

  • The telephone number of the caller (e.g., Caller ID)
  • The telephone number you were instructed to call back
  • A brief description of the communication

If possible, please include:

  • The employee name
  • The employee badge number
  • The exact date and time that you received the call(s)
  • The geographic location and time zone where you received the call if possible

In addition, please consider filing a complaint with the:

  • Federal Trade Commission (FTC) via their online complaint form
  • Federal Communications Commission (FCC) by visiting the Consumer Complaint Center. Consumers should select the “phone” form and then the “Unwanted Calls” under “Phone Issues”, and provide details of the call in the description of their complaint
  • Your local Attorney General’s office via their consumer complaint form (the reporting mechanism will vary by state)

How do I verify contact from the IRS?

Go to and search on the letter, notice, or form number. Please be aware fraudsters often modify legitimate IRS letters and forms. You can also find information at Understanding Your Notice or Letter or by searching Forms and Instructions. For additional information please see “How to know it’s really the IRS calling or knocking on your door”.

If it is legitimate, you'll find instructions on how to respond. If the completion of a form is required and it’s provided by a questionable contact, you should verify the form is identical to the same form on by searching Forms and Instructions.

If you don't find information on our website or the instructions are different from what you were told to do in the letter, notice or form, please use the appropriate online resources.

Once you have determined that it is not legitimate, report the incident to TIGTA and to us at

What if I receive an email requesting W2 information?

Since 2016, has received emails from organizations that have been targeted by the business email compromise (BEC) / business email spoofing (BES) W2 scam.

There are multiple variants of this scam (e.g., wire transfer, title/escrow, fake invoice, etc.). Please only contact the IRS for the W2 variant. You can report the W2 variant to the IRS – whether you are a victim or not – and should also report any BEC/BES variants to the Internet Crime Complaint Center.

If you are a victim of this (e.g., you responded by sending the W2s) please email and also send the full email headers to (Subject: W2 Scam).

If you are a recipient of this scam but did not send any information please send the full email headers to W2 Scam).

If you report the W2 scam to please clarify if you are a victim.

(IR-2016-34) IRS Alerts Payroll and HR Professionals to Phishing Scheme Involving W-2s

WASHINGTON — The Internal Revenue Service today issued an alert to payroll and human resources professionals to beware of an emerging phishing email scheme that purports to be from company executives and requests personal information on employees.

The IRS has learned this scheme — part of the surge in phishing emails seen this year — already has claimed several victims as payroll and human resources offices mistakenly email payroll data including Forms W-2 that contain Social Security numbers and other personally identifiable information to cybercriminals posing as company executives.

“This is a new twist on an old scheme using the cover of the tax season and W-2 filings to try tricking people into sharing personal data. Now the criminals are focusing their schemes on company payroll departments,” said IRS Commissioner John Koskinen. “If your CEO appears to be emailing you for a list of company employees, check it out before you respond. Everyone has a responsibility to remain diligent about confirming the identity of people requesting personal information about employees.”

IRS Criminal Investigation already is reviewing several cases in which people have been tricked into sharing SSNs with what turned out to be cybercriminals. Criminals using personal information stolen elsewhere seek to monetize data, including by filing fraudulent tax returns for refunds.

This phishing variation is known as a “spoofing” email. It will contain, for example, the actual name of the company chief executive officer. In this variation, the “CEO” sends an email to a company payroll office employee and requests a list of employees and information including SSNs.

The following are some of the details contained in the e-mails:

  • Kindly send me the individual 2015 W-2 (PDF) and earnings summary of all W-2 of our company staff for a quick review.
  • Can you send me the updated list of employees with full details (Name, Social Security Number, Date of Birth, Home Address, Salary).
  • I want you to send me the list of W-2 copy of employees wage and tax statement for 2015, I need them in PDF file type, you can send it as an attachment. Kindly prepare the lists and email them to me asap.

The IRS recently renewed a wider consumer alert for e-mail schemes after seeing an approximate 400 percent surge in phishing and malware incidents so far this tax season and other reports of scams targeting others in a wider tax community.

The emails are designed to trick taxpayers into thinking these are official communications from the IRS or others in the tax industry, including tax software companies. The phishing schemes can ask taxpayers about a wide range of topics. E-mails can seek information related to refunds, filing status, confirming personal information, ordering transcripts and verifying PIN information.

The IRS, state tax agencies and tax industry are engaged in a public awareness campaign — Taxes. Security. Together. — to encourage everyone to do more to protect personal, financial and tax data. See or Publication 4524PDF for additional steps you can take to protect yourself. 

(IR-2017-10) IRS, States and Tax Industry Renew Alert about Form W-2 Scam Targeting Payroll, Human Resource Departments

WASHINGTON — The Internal Revenue Service, state tax agencies and the tax industry today renewed their warning about an email scam that uses a corporate officer’s name to request employee Forms W-2 from company payroll or human resources departments.

This week, the IRS already has received new notifications that the email scam is making its way across the nation for a second time. The IRS urges company payroll officials to double check any executive-level or unusual requests for lists of Forms W-2 or Social Security number.

The W-2 scam first appeared last year. Cybercriminals tricked payroll and human resource officials into disclosing employee names, SSNs and income information. The thieves then attempted to file fraudulent tax returns for tax refunds.

This phishing variation is known as a “spoofing” e-mail. It will contain, for example, the actual name of the company chief executive officer. In this variation, the “CEO” sends an email to a company payroll office or human resource employee and requests a list of employees and information including SSNs.

The following are some of the details that may be contained in the emails:

  • Kindly send me the individual 2016 W-2 (PDF) and earnings summary of all W-2 of our company staff for a quick review.
  • Can you send me the updated list of employees with full details (Name, Social Security Number, Date of Birth, Home Address, Salary).
  • I want you to send me the list of W-2 copy of employees wage and tax statement for 2016, I need them in PDF file type, you can send it as an attachment. Kindly prepare the lists and email them to me asap.

Working together in the Security Summit, the IRS, states and tax industry have made progress in their fight against tax-related identity theft, cybercriminals are using more sophisticated tactics to try to steal even more data that will allow them to impersonate taxpayers.

The Security Summit supports a national taxpayer awareness campaign called Taxes. Security. Together. and a national tax professional awareness effort called Protect Your Clients; Protect Yourself. These campaigns offer simple tips that can help make data more secure.

(IR-2017-20) Dangerous W-2 Phishing Scam Evolving; Targeting Schools, Restaurants, Hospitals, Tribal Groups and Others

WASHINGTON — The Internal Revenue Service, state tax agencies and the tax industry issued an urgent alert today to all employers that the Form W-2 email phishing scam has evolved beyond the corporate world and is spreading to other sectors, including school districts, tribal organizations and nonprofits.

In a related development, the W-2 scammers are coupling their efforts to steal employee W-2 information with an older scheme on wire transfers that is victimizing some organizations twice.

“This is one of the most dangerous email phishing scams we’ve seen in a long time. It can result in the large-scale theft of sensitive data that criminals can use to commit various crimes, including filing fraudulent tax returns. We need everyone’s help to turn the tide against this scheme,’’ said IRS Commissioner John Koskinen.

When employers report W-2 thefts immediately to the IRS, the agency can take steps to help protect employees from tax-related identity theft. The IRS, state tax agencies and the tax industry, working together as the Security Summit, have enacted numerous safeguards in 2016 and 2017 to identify fraudulent returns filed through scams like this. As the Summit partners make progress, cybercriminals need more data to mimic real tax returns.

Here’s how the scam works: Cybercriminals use various spoofing techniques to disguise an email to make it appear as if it is from an organization executive. The email is sent to an employee in the payroll or human resources departments, requesting a list of all employees and their Forms W-2.  This scam is sometimes referred to as business email compromise (BEC) or business email spoofing (BES).

The Security Summit partners urge all employers to be vigilant. The W-2 scam, which first appeared last year, is circulating earlier in the tax season and to a broader cross-section of organizations, including school districts, tribal casinos, chain restaurants, temporary staffing agencies, healthcare and shipping and freight. Those businesses that received the scam email last year also are reportedly receiving it again this year.

Security Summit partners warned of this scam’s reappearance last week but have seen an upswing in reports in recent days.

New Twist to W-2 Scam: Companies Also Being Asked to Wire Money

In the latest twist, the cybercriminal follows up with an “executive” email to the payroll or comptroller and asks that a wire transfer also be made to a certain account. Although not tax related, the wire transfer scam is being coupled with the W-2 scam email, and some companies have lost both employees’ W-2s and thousands of dollars due to wire transfers.

The IRS, states and tax industry urge all employers to share information with their payroll, finance and human resources employees about this W-2 and wire transfer scam. Employers should consider creating an internal policy, if one is lacking, on the distribution of employee W-2 information and conducting wire transfers.

Steps Employers Can Take If They See the W-2 Scam

Organizations receiving a W-2 scam email should forward it to mailto:phishing@irs.govand place “W2 Scam” in the subject line. Organizations that receive the scams or fall victim to them should file a complaint with the Internet Crime Complaint Center (IC3), operated by the Federal Bureau of Investigation.

Employees whose Forms W-2 have been stolen should review the recommended actions by the Federal Trade Commission at or the IRS at Identity Protection.

Employees should file a Form 14039, Identity Theft Affidavit, if the employee’s own tax return rejects because of a duplicate Social Security number or if instructed to do so by the IRS.

The W-2 scam is just one of several new variations that have appeared in the past year that focus on the large-scale thefts of sensitive tax information from tax preparers, businesses and payroll companies. Individual taxpayers also can be targets of phishing scams, but cybercriminals seem to have evolved their tactics to focus on mass data thefts.

Be Safe Online

During tax season, taxpayers and tax preparers should be cautious while utilising search engines to get technical support for taxes or tax software, in addition to avoiding email frauds. Choosing the incorrect "tech support" link may result in a computer infection or data loss. Software "tech support" won't ring users up at random either. It's a fraud, this.

If you need help preparing your taxes and are looking for a paid tax expert, try the IRS Choosing a Tax expert lookup tool. If you need free assistance, check out the Free Tax Return Preparation Programmes. When looking for tax software, taxpayers can visit /freefile to get Free File, which provides 12 name-brand programmes at no cost. If taxpayers or tax preparers need technical help for any of their software packages, they should visit the provider's website directly.

Tax professionals should also be on the lookout for current schemes involving IRS e-Services scams. Fraudsters are attempting to send emails requesting e-Services customers to update their accounts by utilising IRS attempts to make e-Services more secure. Their goal is to obtain the login credentials of e-Services users in order to gain access to these crucial services.

(IR-2017-130) Don't Take the Bait, Step 6: Watch Out for the W-2 Email Scam

WASHINGTON – Today, tax professionals and businesses were alerted by the IRS, state tax agencies, and the tax industry to a surge in email scams that target employee Forms W-2.

From the standpoint of tax administration, the W-2 fraud, also known as a business email hack, or BEC, is one of the riskiest phishing email schemes that are currently trending nationally. During the 2017 filing season, the IRS observed a substantial rise in the number of occurrences and victims.

A 10-part series targeted at tax professionals, "Don't Take the Bait" aims to raise awareness about corporate email hacks. Together as the Security Summit, the IRS, state tax authorities, and the tax industry exhort practitioners to educate themselves on how to safeguard clients and themselves from BEC schemes. This is a continuing effort to "Protect Your Clients; Protect Yourself."

When a cybercriminal manages to "spoof" or mimic an executive's email account and targets a payroll, finance, or human resources employee with a request, it's known as a business email hack. Fraudsters might, for instance, attempt to coerce an employee into transferring money into a designated account or requesting a list of all employees together with their Forms W-2.

IRS Commissioner John Koskinen stated, "These are extremely tricky schemes that can be devastating to a tax professional or business." "People with access to sensitive information are the target of cybercriminals, who deceitfully mask their activity with an official-looking email request."

According to a report released earlier this year by the Federal Bureau of Investigation, since January 2015, the number of recognised losses has increased by 1,300 percent, including over $3 billion in wire transfers. The FBI discovered that national and international organised crime gangs are the ones responsible for these scams, which have targeted companies and organisations throughout all 50 states as well as 100 other countries.

The IRS initially alerted companies to the scam's migration to tax administration during the 2016 filing season, when they were able to collect employees' Forms W-2 through business email breach techniques. The fraud became harder to identify as soon as the offenders started filing false tax returns that may mimic the real income that employees actually got.

The IRS reported that in 2017, there were 200 businesses, public schools, universities, tribal governments, and nonprofit organisations that have fallen victim to the W-2 scam, up from 50 in 2016. Several hundred thousand employees had their sensitive data taken as a result of those 200 victims. The thieves in certain instances asked for a wire transfer in addition to the W-2 data.

The employee's name, address, Social Security number, income, and withholdings are all listed on Form W-2. In addition to being used to submit false tax returns, the data may be offered for sale on the Dark Net, where thieves hope to make money off of these thefts.

The Internal Revenue Service (IRS) can take action to shield employees from identity theft connected to taxes if the company or organisation that was attacked notifies the IRS. But due to the nature of these con games, a lot of companies and organisations were duped and were unaware of it for days, weeks, or even months.

The IRS created the email notification address especially for companies and organisations to report W-2 thefts. Make sure the email body has contact details and the subject line contains the words "W-2 scam." Businesses and organisations can forward suspicious emails to, again with the subject line "W-2 scam," if they receive them and do not fall for the hoax..

Protecting Clients and Businesses from BECs

The IRS advises tax professionals to inform their clients about BEC scams and to watch out for business email hacks as a risk to their own systems. Employers—including tax professionals—should examine their guidelines before sending sensitive information like W-2s or executing wire transfers in response to an email request alone.

Tax professionals should consider taking these steps:

  • Verify requests for Forms W-2, wire transfers, or any other sensitive data exchanges verbally using phone numbers you have previously established, not the ones provided in the email.
  • Make sure to confirm vendor payment requests for updated locations, and get a second sign-off from business staff.
  • Inform staff members about this scam, especially those who have access to private information like W-2s or are authorised to make wire transfers.
  • Seek advice from an IT specialist and abide by these FBI-recommended precautions:
    • Create intrusion detection system rules that flag e-mails with extensions that are similar to company email. For example, legitimate e-mail of would flag fraudulent email of
    • To identify email correspondence in which the displayed "from" and "reply" email addresses differ, create an email rule.
    • Those from non-employee/external accounts should be coloured differently from those from employees or internal accounts.
  • Report any BEC incidents to the IRS. Use the Internet Crime Complaint Centre (IC3) to lodge a complaint with the FBI.

(IR-2018-8) IRS, States and Tax Industry Warn Employers to Beware of Form W-2 Scam; Tax Season Could Bring New Surge in Phishing Scheme

WASHINGTON – Today, all employers were asked by the Internal Revenue Service, state tax agencies, and the tax industry to inform their payroll staff about a Form W-2 phishing fraud that affected thousands of employees and hundreds of organisations in the previous year.

In the tax community, one of the most dangerous phishing emails has been identified as the Form W-2 fraud. Cybercriminals deceived payroll employees or anyone with access to payroll data during the previous two tax seasons into divulging private information for whole workforces. All kinds of employers were impacted by the scam, including hospitals, public schools, universities, tribal governments, and charitable organisations.

From just over 100 in 2016, reports of this fraud to from both victims and nonvictims increased to around 900 in 2017. More than 200 organisations fell prey to identity theft last year, resulting in the compromising of hundreds of thousands of employee identities.

The IRS and its allies in the Security Summit endeavour aim to curtail the viability of this fraud in 2018 by notifying employers at this early stage. Additionally, the IRS established a new procedure last year for employers to report these schemes. The IRS can take action to safeguard workers, but only if employers promptly report thefts to the agency.

This is how the con operates: Cybercriminals conduct due diligence, locating executives at schools, COOs, and other high-ranking jobs. Through the use of a method called business email spoofing (BES) or business email compromise (BEC), scammers impersonating executives send emails to payroll staff asking for copies of Forms W-2 for each employee.

The employee's name, address, Social Security number, income, and withholdings are all listed on Form W-2. The data is either posted for sale on the Dark Net or used by criminals to file false tax returns.

A pleasant "hi, are you working today?" email discussion may precede the fraudster's request for all Form W-2 data. In multiple documented instances, the con artists promptly requested a wire transfer as soon as they obtained the employee data.

The IRS and Security Summit partners advise employers to consider establishing a policy to restrict the number of employees with the authority to handle Form W-2 requests and to require additional verification procedures to validate the actual request before emailing sensitive data, such as employee Form W-2s, in addition to educating payroll or finance personnel.

The Internal Revenue Service (IRS) can take action to shield employees from identity theft connected to taxes if the company or organisation that was attacked notifies the IRS. But due to the nature of these con games, a number of companies and organisations were deceived for days, weeks, or even months before realising it.

Employers can report Form W-2 data thefts to the IRS through a dedicated email notification address that was created for that purpose. Via this method, victims of Form W-2 scams can alert the IRS:

  • To report a Form W-2 data loss to the IRS, send an email to with your contact details (given below).
  • Enter "W2 Data Loss" in the subject line to ensure that the email is forwarded correctly. Attaching any personally identifiable information about an employee is not allowed.
  • Include the following:
    • Business name
    • Business employer identification number (EIN) associated with the data loss
    • Contact name
    • Contact phone number
    • Summary of how the data loss occurred
    • Volume of employees impacted

Businesses and organisations should forward the complete email headers to with the subject "W2 Scam" if they fall victim to the scam, or if they just receive a suspicious email and are not scammed.

Employers can learn more at Form W-2/SSN Data Theft: Information for Businesses and Payroll Service Providers.

Employers need to be aware that frauds used by cybercriminals are ever-evolving. Personnel in charge of payroll and finance should be on the lookout for any odd requests for employee data.

What if I am a tax preparer and I receive or I am a victim of an IRS-related or tax-related email?

See “How to verify contact from the IRS”. If you determine that the contact is not legitimate:

  • If the scam is IRS-related, report the incident to TIGTA and to us at
  • If the scam is tax-related, report and to us at

If you are a victim of a security incident, please review Publication 4557PDF and contact your Stakeholder Liaison (SL)

For additional guidance please see FTC Data Breach Guidance: A Guide for Businesses.

What if I receive an unsolicited email that references the IRS or taxes?

Send to

What to do if you receive an unsolicited IRS-related fax

A fraudulent scheme involving a forged Form W8-BEN exists. Kindly visit the FATCA homepage if you are a citizen of another country.

After you've established that it's not real, report the occurrence to us at and to TIGTA (Subject: FAX).

What to do if you receive an unsolicited solicitation involving a stock or share purchase, that involves suspicious IRS or Department of Treasury documents such as "advance fees" or "penalties"

If you are an American citizen residing overseas or in one of the country's territories.

  1. Complete the appropriate complaint form with the U.S. Securities and Exchange Commission.
  2. Forward email to (Subject: Stock).
  3. Through the FTC Complaint Assistant, you can file a complaint if you have been the victim of financial or identity theft.

If you are not a U.S. citizen and reside outside the United States.

  1. Complete the appropriate complaint form with the U.S. Securities and Exchange Commission.
  2. Contact your securities regulator and file a complaint.
  3. Forward email to (Subject: Stock).
  4. If you are a victim of monetary or identity theft, you may report your complaint to

What if I receive an unsolicited text message or Short Message Service (SMS) message claiming to be from the IRS?

  1. Don't reply.
  2. Don't open any attachments. They can contain malicious code that may infect your computer or mobile phone.
  3. Don't click on any links. If you clicked on links in a suspicious SMS and entered confidential information, visit our identity protection page.
  4. Forward the text as-is, to us at 202-552-1226. Note: Standard text messaging rates apply.
  5. If possible, in a separate text, forward the originating number to us at 202-552-1226
  6. Delete the original text.

What if I receive a phishing email that is not IRS or tax-related?

You receive a suspicious phishing email not claiming to be from the IRS. Forward the email as-is to

You HAVE clicked on the link or downloaded the attachment in an email that you believe includes malicious malware or an attachment:

To find out what to do if you think your computer may be infected with malware, go to

You get an email that you believe has harmful code or an attachment, but you haven't opened the link or downloaded the file:

Send the email to or the abuse department of your internet service provider..

What if I want to train my employees on IRS or tax-related phishing emails by conducting a tax-related phishing exercise?

It is forbidden for you to use the IRS or any aesthetically pleasing substitute (such as lRS, 1rs, etc.). Whether an organisation uses a vendor platform or conducts its own phishing exercise using open-source tools, the IRS does not authorise the use of "IRS" or its logo.

Tax-related exercises should not be conducted during tax season.

A post-notification stating that the receivers' taxes have not been impacted should be included in tax-related activities.

State/Local/Federal/Military organizations should coordinate through DHS NCATS.

Additional Resources

To disseminate the most recent information about projects, goods, services, and tax changes, the IRS makes use of social media and emerging technologies.

In order to gather feedback and ideas for bettering our services and products from taxpayers and tax professionals, the IRS also conducts customer satisfaction surveys.

  • A quick reference chart describes the many scenarios in which you should report suspected tax fraud.
  • Information about what to do if you or your workers become victims of identity theft can be found at State ID Theft Resources.
  • Employers and tax experts should email to alert states to any exposures of W-2s or other identification information.

Post a Comment

Cookie Consent
We serve cookies on this site to analyze traffic, remember your preferences, and optimize your experience.
It seems there is something wrong with your internet connection. Please connect to the internet and start browsing again.
AdBlock Detected!
We have detected that you are using adblocking plugin in your browser.
The revenue we earn by the advertisements is used to manage this website, we request you to whitelist our website in your adblocking plugin.
Site is Blocked
Sorry! This site is not available in your country.