Skip to content
Spring is here!  Here’s how to spot seasonal scams.

By JD Biersdorfer, The New York Times Company

Fraud is a year-round activity, but tax season brings an increase in calculated schemes to steal money and personal information through forged messages and other means. Cybersecurity firms have also reported an increase in fraud attempts that exploit the conflict in Ukraine — a situation that has heightened fears of potential cyberattacks on US businesses through ransomware and other malware. You can better protect yourself if you know what’s going on. Here is a guide.

Avoid the tax scam

The Internal Revenue Service does not make initial contact with taxpayers via email, text message, or social media channels to request personal and financial information, including bank account or credit card numbers, passwords, password or PIN codes. Messages requesting this information are deceptive “phishing” attempts to steal money and identities.

If the IRS needs your attention, it starts with a notice by regular mail through the US Postal Service in most cases.

The IRS will not send unexpected messages about verifying statements, sending stimulus payments, collecting your taxes, or “cancelling your social security number.” An IRS representative may call or visit when a taxpayer has an overdue bill or has other tax-related issues. But even then, written notification is usually sent first, according to the agency.

Fraudulent phone calls and voicemails using spoofed agency numbers and fake IRS agent ID are common. Again, the agency usually mails a notice first. He doesn’t call out of the blue to discuss tax refunds, threaten to be arrested by local law enforcement, or demand immediate payment in a specific form. Tax bills are paid to the US Treasury and not directly to “agents” requiring funds in iTunes or Amazon gift cards, prepaid debit cards, e-cash, or wire transfers.

The Tax Scams/Consumer Alerts page of the official site has a long list of current and classic scams. And the site offers a guide to verifying real IRS agents and identifying legitimate debt collectors.

Give wisely

Opportunistic scammers quickly take advantage of natural disasters and humanitarian crises, including the COVID-19 pandemic and the war in Ukraine. Beware of messages from unknown organizations asking for credit card or cryptocurrency donations – or claiming to be from refugees or the military. Crowdfunding campaigns should be avoided or scrutinized unless you know the organizer.

If you’d like to donate but aren’t sure where, review sites like CharityWatch and Charity Navigator have guides showing where your contribution can be most helpful. The Opinion section of The New York Times offers suggestions for humanitarian aid in Ukraine, including Direct Relief, Mercy Corps, International Medical Corps and Save the Children.

And when you find a favorite charity’s site, check the URL carefully. Scammers use “typosquatting” (registering a purposely misspelled domain name near the address of a legitimate site) in the hope that bad typists will inadvertently land on their malicious pages.

Report a scam attempt

If you receive an unsolicited email claiming to be from the IRS, you can report it by forwarding the message to The Treasury Inspector General for Tax Administration has a hotline for reporting attempted tax evasion at 800-366-4484; the department has a portal page for complaints.

You can file a general fraud report on the Federal Trade Commission website.

Gmail and include menus for reporting phishing attempts, while Yahoo has a form to fill out.

Be warned, though: if you fall victim to a scam involving a Zelle money transfer, your bank may not support you if you authorized the transaction.


As the Federal Trade Commission notes, common signs of a scam typically include someone impersonating a familiar organization and telling you there’s a problem (or, sometimes, a prize). The scammer urges you to act immediately and demands payment in a specific way.

Most fraud attempts are easy to spot. Messages laden with typos, impersonal “official correspondence” from Gmail and Yahoo accounts, and voicemails left in the speech of a robotic computer are instant red flags. Fake invoices and forged PayPal reviews remain popular phishing lures.


Not all news on the site expresses the point of view of the site, but we transmit this news automatically and translate it through programmatic technology on the site and not from a human editor.