One thing that we teach here at Cyber Safe Workforce is the definition of an expected communication. To review, an expected communication is one initiated by you in some way. Some examples include subscribing to a newsletter or follow up correspondence related to an in-person conversation. Often, we discuss expected communication in terms of received emails because it’s an important part of recognizing phishing attempts–attempts by someone to steal your private information by impersonating a person or brand you trust.

Well, now that we’re in tax season, it’s a good time to revisit how the IRS communicates about tax returns and taxes owed. The IRS states on their website that they will not initiate contact with you through email, social media, or text messages. The large majority of their correspondence is done via regular mail.

Further, the site states that the IRS will never threaten to bring local law enforcement or immigration officers to arrest you or take away your business or driver’s license. They do not call and demand immediate payments by phone on back taxes and will never ask that you pay anyone but the U.S. Treasury. A Dirty Dozen list of tax scams appears on the IRS site – be on the lookout for these during tax time. Scammers are tricky and will try many different scams and contact methods.

If you receive an email from the IRS that has an attachment, watch out, it’s probably an imposter peddling malware. The IRS will only link to forms on its website–not attach them.

Communications, with no previous context, that request you take an action (e.g. download/view an attachment, make a payment, register on a website) are UNEXPECTED and risky! If you’re not sure if a communication is legitimate, look up the IRS’s official phone number, call them and ask them. When finances are involved, it’s better to be cautious.