IRS Issues Warning On Ransomware ‘Questionnaire’ Scam

A phony email targeting tax professionals is "a new twist on an old scheme," agency Commissioner John Koskinen said.

  • Published 1 September 2017

The Internal Revenue Service (IRS) issued a warning urging tax professionals to watch out for a ransomware scam being distributed via email. The email includes reproductions of logos for both the IRS and the Federal Bureau of Investigation (FBI), as well as a link directing readers to download a “required questionnaire”:

Downloading the document infects the user’s computer and leaves them unable to access their data unless they pay a ransom to the sender. It appears to target tax preparation professionals. However, the IRS has also warned:

Victims should not pay a ransom. Paying it further encourages the criminals. Often the scammers won’t provide the decryption key even after a ransom is paid.

The agency’s commissioner, John Koskinen, said in a 28 August 2017 statement:

This is a new twist on an old scheme. People should stay vigilant against email scams that try to impersonate the IRS and other agencies that try to lure you into clicking a link or opening an attachment. People with a tax issue won’t get their first contact from the IRS with a threatening email or phone call.

Instead, the IRS encourages victims to report ransomware attempts to federal investigators. Scams that purport to come from the IRS should be reported via email to phishing@irs.gov.

According to the agency, incidents involving malware and identity theft scams increased by 400 percent during the 2016 tax season.

The agency has also published an advisory on the matter:

The IRS doesn’t initiate contact with taxpayers by email, text messages or social media channels to request personal or financial information. In addition, IRS does not threaten taxpayers with lawsuits, imprisonment or other enforcement action. Recognizing these telltale signs of a phishing or tax scam could save you from becoming a victim.

We contacted the IRS seeking additional information on how many reports it had received the August 2017 scam but did not get a response by press time.

Snopes.com
Since 1994
A Word to Our Loyal Readers

Support Snopes and make a difference for readers everywhere.

Editorial
  • David Mikkelson
  • Doreen Marchionni
  • David Emery
  • Bond Huberman
  • Jordan Liles
  • Alex Kasprak
  • Dan Evon
  • Dan MacGuill
  • Bethania Palma
  • Liz Donaldson
Operations
  • Vinny Green
  • Ryan Miller
  • Chris Reilly
  • Chad Ort
  • Elyssa Young

Most Snopes assignments begin when readers ask us, “Is this true?” Those tips launch our fact-checkers on sprints across a vast range of political, scientific, legal, historical, and visual information. We investigate as thoroughly and quickly as possible and relay what we learn. Then another question arrives, and the race starts again.

We do this work every day at no cost to you, but it is far from free to produce, and we cannot afford to slow down. To ensure Snopes endures — and grows to serve more readers — we need a different kind of tip: We need your financial support.

Support Snopes so we continue to pursue the facts — for you and anyone searching for answers.

Team Snopes