Phishing scams are unsolicited messages sent by identity thieves. These criminals use “bait” to trick you into interacting with calls, letters, emails, and other communications. Generally, identity thieves impersonate a trusted source—government agencies, national retailers, prospective customers, and known contacts—and “set the hook” by injecting urgency into the message.

To make the message seem urgent, criminals rely on limited-time deals, alerts, and threats to get you to respond:

• If it’s a phone call, they keep you talking until you provide PII
• If it’s a letter, they hope you follow the provided directions
• If it’s an email, they get you to click on links or attachments
• If it's a social media private message, they pressure you into sharing information or clicking links
• If it's a QR code, they hope curiosity or a limited-time deal will convince you to scan the code

When it comes to Internet-based communications, links and attachments often contain malware that is designed to steal information from your device. Even if the link takes you to a website, criminals will keep any information you enter on those pages—and some websites contain scripts that automatically install malware. In other words, be careful about what you click.

Return to Taxing Subjects Frequently Asked Questions.

Related FAQs:

• What is Identity Theft Tax Refund Fraud?
• What are the signs of identity theft tax refund fraud?  
• What is Personally Identifiable Information?
• What is the Dark Web?  
• What is the Deep Web?
• What is malware?