Manage Pressing Risks with

A one-stop hub for practical, timely and actionable insights, tools and training that may save thousands of dollars by minimizing potential loss exposures, human resources expenses, training costs, and attorney fees.

Stay on top of current workplace issues, legislation, and employment trends with:
  • Articles, News Briefs, and Checklists
  • Interactive Training Modules
  • Model Handbook with 100+ Template HR Policies, Procedures, and forms

Today's Workplace

Password Managers Are Effective, But Are There Limitations?

Password managers can keep your data safe with strong, unique passwords. And, there are some steps to take to make sure they are used effectively and what to avoid.

Continue Reading

Has Social Distancing And Remote Workers Made Your VPN More Vulnerable?

Cybercriminals are taking advantage of the pandemic to attack organizations. Are your cyber protections up to the challenge?

Continue Reading

COVID-19 Conspiracy Theory Phishing Scams Are Starting To Surge

Cybercriminals are trapping victims with promises of secret cures and coronavirus conspiracy theories. Learn how to spot a scam.

Continue Reading
print   email   Share

The IRS Scam Is Back: What To Look For

The Internal Revenue Service (IRS) warns consumers to watch out for IRS impersonation attacks, which are spreading malware across the U.S.

These spam emails masquerade as legitimate emails from the IRS. They come from a spoofed IRS email address and the subject line may read, "Automatic Income Tax Reminder" or "Electronic Tax Return Reminder."

Victims who click on the link in the email are directed to a spoofed site that contains fake information about the individual's tax refund, return, or account.

The email contains a "one-time password" or "temporary password" to access the files that the user needs to submit a request for a tax refund or for additional information, according to the scam message. What the files actually contain is malware.

The goal of the fraudulent IRS emails is to install malware onto the computers and devices of their victims. The hackers can then control the device or use software that tracks keystrokes to steal the user's login credentials to sensitive accounts.

Unfortunately, this attack is working, whether it is tax season or not. The IRS says the cybercriminals are using dozens of compromised websites and web addresses that make the messages look like they come from As a result, the IRS says the scam is "a challenge to shut down." Tara Seals "IRS Impersonation Attacks Spread Malware Nationwide" (Aug. 26, 2019).


The IRS and other government institutions will never email you to ask you to submit personal information online.

If you receive an email requesting personal information from the IRS, another government agency, or even your financial institution or other organizations you work with, it may well be a phishing scam.

Keep in mind that many spam emails, including the spoofed emails claiming to be from the IRS, look legitimate. Having an or other organizational email address does not guarantee that the email is real. Hackers can break into official accounts to send their fraudulent email messages.

In addition, emails that contain information about you, such as your name or address, are not legitimate simply for that reason. Hackers often gather enough information about their victims to make their spam emails appear more authentic before asking for the remaining information they need to steal your identity.

Always assume that even legitimate looking email messages or messages from someone in your contacts could actually be cybercriminals trying to steal your information. Look closely for signs of spoofing, including misspellings, grammar mistakes, and the email address being slightly off.

Often, phishing emails threaten the user with harm in order to solicit a reaction. For example, an email claiming to be from the IRS may say that you could be arrested for tax evasion if you do not reply in a timely manner.

On the other hand, cybercriminals may try to get you to respond by promising you money if you do. Therefore, IRS scam emails could say that you are entitled to a tax refund if you provide certain information.

You can reduce your risk of receiving spam emails by enabling your email spam filter. However, do not make the mistake of assuming that an email in your inbox is safe just because you have a spam filter. Some sophisticated spam messages can get past even the best filters.

If you get an email claiming to be from an official organization or government agency, do not call the number on the email. Instead, independently look up the number to call and use it instead.

Finally, your opinion is important to us. Please complete the opinion survey: