Tax-themed phishing scams targeting .edu accounts, IRS warns

As tax season heats up, so do attempts by cybercriminals to lure university students and staff to open malicious emails designed to look like materials from the Internal Revenue Service, the agency warned Tuesday.

In recent weeks, the IRS has received numerous complaints about phishing attempts targeting students and employees of higher education and nonprofit institutions with email addresses ending in .edu. The ongoing scam attempt, the IRS said, involves luring recipients of the phony emails — which contain subject lines like “Tax Refund Payment” or”Recalculation of your tax refund payment” — to a website that asks for a broad set of personally identifiable information.

Among the credentials the malicious site asks for are names, dates of birth, home addresses, Social Security numbers, driver’s license numbers and income.

Phishing schemes that prey on people filing their taxes are as inevitable as federal income taxes themselves. Last year, the IRS and the FBI investigated an attempt by scammers to collect large refunds by posing as clients of a California accounting firm. In previous instances, criminal actors have attempted to steal taxpayers’ private information by posing as payroll management firms like Paychex and ADP.

And last month, the IRS warned tax professionals of a phishing campaign that tries to steal electronic filing identification numbers, which accountants use to transmit their clients’ tax returns.

The IRS’s warning Tuesday to university students and staff recommends reporting any apparent phishing attempt to the agency. It also suggests that anyone who believes they filed out the malicious form apply for an identity protection PIN, a six-digit code that the agency says is known to the IRS and the individual taxpayer.