IRS Phishing Email Scam
IRS phishing emails are the #1 threat on both IRS Dirty Dozen 2025 and 2026. In 2026, these emails increasingly use QR codes and may install ransomware. The IRS never initiates contact by email — all legitimate IRS communication arrives by U.S. mail.
Reports
IRS Dirty Dozen 2025 and 2026 #1 — top email threat both years; IRS 600+ social media impersonators FY2025
First documented
2015
Last active
2026-03
⚠ This page documents a reported scam email pattern for educational purposes. Sources are cited for all statistics and claims. ZeroScam is not affiliated with the IRS, FTC, FBI, or any government agency.
What this scam email says
IRS phishing emails use official IRS branding, logos, and language to appear authentic. Common pretexts include tax refund claims, account verification, tax debt notices, and identity verification. In 2026, QR codes are used to direct victims to fake IRS websites. Some variants install malware or ransomware when links are clicked.
What this scam email looks like
From: [email protected] Subject: IRS: Your refund has been approved — click to claim INTERNAL REVENUE SERVICE Tax Year 2025 — Refund Notification Dear Taxpayer, Your federal tax refund of $1,893.00 has been approved. To receive your payment, verify your bank account details. [CLAIM YOUR REFUND — EXPIRES IN 48 HOURS] Or scan the QR code in the attached PDF. Internal Revenue Service — Taxpayer Services Division irs-taxpayer-services.com
Reconstructed example for educational purposes. Not a verbatim reproduction.
Known scam email subject lines in this pattern
- •IRS: Your refund has been approved — click to claim
- •Important: IRS action required on your tax file
- •IRS alert: verify your account to avoid suspension
- •Your federal tax return requires verification
- •IRS: Your account has been flagged for review
- •Urgent IRS notice: respond within 24 hours
5 red flags
IRS Dirty Dozen 2026: QR codes in IRS emails are always fraudulent
IRS never sends unsolicited emails — any IRS email you didn't request is a scam
IRS reported 600+ social media impersonators in fiscal year 2025
Clicking links may install ransomware — IRS Dirty Dozen 2026 specific warning
The only real IRS website is IRS.gov — all others are fake
What to do
Never click links or scan QR codes in emails claiming to be from the IRS
Forward suspicious emails to [email protected]
Check your real IRS account at IRS.gov — type the URL directly
Report to TIGTA at tigta.gov/report-scam
Report this email scam
Source
IRS Dirty Dozen 2026 #1 — IRS impersonation by email/text; IRS Dirty Dozen 2025 #1; IRS.gov/privacy-disclosure/report-phishing
https://www.irs.gov/newsroom/dirty-dozen-tax-scams-for-2026-irs-reminds-taxpayers-to-watch-out-for-dangerous-threats ↗Fake sender domains used in this scam
Scammers impersonate legitimate brands using these fraudulent domains. If you received an email from one of these, it is a scam.
Documented email subjects in this pattern
Related scam email patterns
People also search for
Frequently asked questions
What is the IRS Phishing Email Scam?▼
IRS phishing emails are the #1 threat on both IRS Dirty Dozen 2025 and 2026. In 2026, these emails increasingly use QR codes and may install ransomware. The IRS never initiates contact by email — all legitimate IRS communication arrives by U.S. mail.
How do I recognize a IRS Phishing Email Scam?▼
Red flags: IRS Dirty Dozen 2026: QR codes in IRS emails are always fraudulent; IRS never sends unsolicited emails — any IRS email you didn't request is a scam; IRS reported 600+ social media impersonators in fiscal year 2025.
What should I do if I receive a IRS Phishing Email Scam?▼
Never click links or scan QR codes in emails claiming to be from the IRS Forward suspicious emails to [email protected] Check your real IRS account at IRS.gov — type the URL directly
How common is the IRS Phishing Email Scam?▼
IRS Dirty Dozen 2025 and 2026 #1 — top email threat both years; IRS 600+ social media impersonators FY2025. First documented: 2015. Source: IRS Dirty Dozen 2026 #1 — IRS impersonation by email/text; IRS Dirty Dozen 2025 #1; IRS.gov/privacy-disclosure/report-phishing.
Received a suspicious email?
Paste the email text or subject line — check it instantly, free.
Check your email →Source: IRS Dirty Dozen 2026 #1 — IRS impersonation by email/text; IRS Dirty Dozen 2025 #1; IRS.gov/privacy-disclosure/report-phishing
First documented: 2015 · Last active: 2026-03
← Scam message database