Schemers Send Fake 'Temporary Password' and 'One-Time Password' IRS Emails

Do you still submit your tax return forms on paper? If you are up with the times, it is most likely that you have already shifted to doing that online. If that is the case, you must have created an IRS (Internal Revenue Service) account, and you might have already corresponded with someone from IRS via email. - It's convenient. It's quick. It does not require you to get out of your home. - Unfortunately, sometimes, we have to pay for convenience, and, in this case, we pay the price of virtual security. While most people using online IRS services will never get themselves into trouble, some could get roped in by IRS scams. Unfortunately, schemers could even trick those who do not usually deal with tax-related issues online. Luckily, there are ways to protect yourself, and if you continue reading, you will learn about the signs of IRS scams.

Receiving emails from IRS is not normal

Did you know that the IRS does not normally communicate with taxpayers via email? In fact, you yourself need to initiate the communication, and IRS does not send messages out of the blue. According to the IRS Privacy Guidance About Email Contact guidelines, the agency does NOT initiate email contact without consent. That means that if you have not signed up for online services via, the agency will NEVER send you any messages. In fact, they suggest reporting all unsolicited messages to IRS also warns that sending private and sensitive information via email can be dangerous because no one can guarantee that messages would not be intercepted illegally by malicious third parties. This is sound advice, and you should remember it always. Whether you are sending a message to your bank, your insurance agency, or a support team of your favorite online vendor, you should NEVER reveal sensitive or personally-identifiable information. When it comes to the IRS, the agency suggests using physical mail to pass on such information to them.

'Temporary Password' and 'One-Time Password' IRS Scams

Virtual schemers do not care whether or not you have an account. They accumulate active email addresses – which can be recorded during data breaches or using phishing scams – and then send the same generic email message to all of them. The hope here is to get at least a small portion of the targets to believe that the message they have received is authentic. There are all kinds of IRS scams, but the latest one appears to approach people with a fake 'temporary password' or 'one-time password' file. The message suggests that the recipient is eligible for a tax refund and that they can request information about it using a temporary password or a one-time password that is included in the message. The scam message also contains a link to a page that, allegedly, presents the electronic return or tax account. To gain access, of course, the bogus password must be entered, and if the victim opens the file that should contain this password, they are exposed to a malware file.

Signs of IRS scams

Since there are all kinds of IRS scams, not all of them work or look the same. Some are used to gather personal information, while others are used to expose unsuspecting victims to malicious infections. That being said, while differences exist, there are some things that you need to look at more closely if you want to avoid getting scammed.

  • IRS emailed you out of the blue. As we discussed already, that is not something that would happen, and so you should ignore all unsolicited messages. Better yet, report them to
  • The email domain is not authentic. If the email you received was not sent from, you can be sure that the message was sent by someone else. Most likely, someone with malicious intentions.
  • The email you received instructs you to click a link, click a button, or open an attached file. Unless you can confirm that the message is authentic, interacting with links/buttons/attachments could open security backdoors, via which remote attackers could execute malware as well as trick you into visiting scam websites or disclosing sensitive information.
  • The email message asks to identify yourself or expose personal information. IRS already has this info, and if they are contacting you after you sent them a message first, they will not request it.
  • The email message contains grammatical mistakes, which, of course, would NOT happen if you were contacted by the real IRS. That being said, do not fall for grammatically-sound scam messages either!

How to avoid IRS scams?

It might be impossible for you to avoid IRS scams, since you are not the one controlling who sends you messages. However, you can minimize the chances of receiving scam messages by taking good care of your email account. If you share your address left and right, you could attract all kinds of schemers, not just the ones behind IRS scams. Due to this, it might be best to create several different email accounts. One of them could be dedicated to “serious business,” which means that you could link it to IRS, insurance, online banking accounts. The other email account you use could be dedicated to social networking and online shopping. Of course, you need to protect all of the email accounts you use, but you have to be extra cautious about the email address that might be linked to more sensitive accounts.

Finally, you need to use your head. You already know what signs of IRS scams you need to look out for, and if you are cautious, we are sure that you will not get tricked. In case you have been fooled already, you need to do two things. First and foremost, download a reliable anti-malware tool to inspect your operating system for malware. The victims of the one-time password/temporary password IRS scam could have executed malware by opening a fake document. Second, you need to change your IRS password and secure your virtual identity. We recommend employing the free Cyclonis Password Manager to help you create and protect your IRS password, or any other password that could have been affected due to a vicious scam.

September 20, 2019

Leave a Reply