Scammers try to impersonate everything and everyone. They email you pretending to be your boss and ask for money, call you claiming your Microsoft account has been hacked or send phishing links for fake package deliveries. 

However, the most common type of impersonation scam occurs when bad actors pose as government agencies, especially the IRS.

The Treasury Inspector General for Tax Administration (TIGTA) is aware of this and has issued a new warning for 2025 about text messages impersonating the Internal Revenue Service. I will discuss everything you need to know to avoid this new tax scam and protect your personal information.

STAY PROTECTED & INFORMED! GET SECURITY ALERTS & EXPERT TECH TIPS – SIGN UP FOR KURT’S THE CYBERGUY REPORT NOW

The new IRS scam alert

To understand the new IRS scam, let’s first examine what it’s based on. The IRS has been sending out COVID-19 stimulus payments worth up to $1,400 to around 1 million tax filers who missed them. Initially, these payments were self-claimed, but now the IRS is automatically issuing them to ensure eligible taxpayers get what they’re owed.

This provision, known as the Recovery Rebate Credit, allows people to claim missed stimulus payments from 2021. If you were eligible but didn’t receive the funds, you can still claim them by filing a tax return by April 15, 2025. Payments will be deposited directly using the banking information listed on the taxpayer’s 2023 return or sent as a paper check.

However, TIGTA is warning that scammers are targeting taxpayers with fraudulent text messages, as reported by TaxAct. These fake texts claim that recipients will receive an Economic Impact Payment from the IRS and often ask for sensitive personal information, like bank account details or your Social Security number. Scammers use this information to steal your identity or financial data.

The IRS has made it clear that eligible taxpayers who didn’t claim the Recovery Rebate Credit on their 2021 tax return will receive their payments automatically; no action is required.

A woman working on her taxes (Kurt “CyberGuy” Knutsson)

BEST ANTIVIRUS FOR MAC, PC, IPHONES AND ANDROIDS – CYBERGUY PICKS

Spotting phishing scams is more important than ever

Most phones and PCs today have enough protections to keep bad actors at bay, so in almost every case, the only way anyone can access your device and data is if you give it to them. Hackers often send phishing links that impersonate a government agency, someone you know or a trusted brand, tricking you into clicking. Once you do, malware is installed on your device to quietly collect useful data and send it to the hackers. That’s why the most important part of staying safe online is knowing how to distinguish between legitimate and scam messages emails or calls. For example, you can easily tell if a communication is from the IRS or a scam by focusing on the following key factors.

• Type of communication: The IRS will never contact you via text for things like economic impact payments or financial information requests; they will send a letter or notice through mail or fax.
• Suspicious links: Government websites always end in “.gov,” while scam texts may contain links ending in “.com” or “.net.”
• Demands or threats: Be cautious of messages that create urgency or threats and look for any oddities or misspellings in the link as well.

WHAT IS ARTIFICIAL INTELLIGENCE (AI)?

Illustration of items used to prepare taxes (Kurt “CyberGuy” Knutsson)

THE HIDDEN COSTS OF FREE APPS: YOUR PERSONAL INFORMATION

10 ways to stay safe from scammers impersonating government agencies

1. Install strong antivirus software: As scammers increasingly impersonate government agencies like the IRS through phishing links and fake messages, installing strong antivirus software is crucial to protect yourself from these threats. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe. Antivirus software can detect and block suspicious links, warn you about potentially harmful websites and prevent malware from being installed on your device. Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices.

2. Always verify the authenticity of unsolicited communications: If you receive an unexpected email, text or phone call claiming to be from a government agency, it’s essential to confirm its authenticity. Scammers often create a sense of urgency to trick you into taking immediate action. To verify, always use official contact details from government websites. Avoid clicking any links in the message and reach out to the agency directly to confirm whether the communication is legitimate.

3. Reach out directly if you’re unsure: When you’re unsure about the legitimacy of a message or request, contact the government agency directly using verified contact details. Never respond to the message or click on any links within it. By calling or visiting the agency’s official website, you can ensure you’re communicating with authorized representatives and avoid scammers impersonating government officials.

4. Use strong, unique passwords to protect your accounts: One of the best ways to protect your sensitive information from scammers is by using strong, unique passwords for each of your accounts. Avoid using easily guessable passwords like “password123” or “qwerty.” Instead, create complex passwords that include a mix of uppercase and lowercase letters, numbers and special characters. 

Also, consider using a password manager to keep track of your credentials and ensure you’re using different passwords for each account. Get more details about my best expert-reviewed password managers of 2025 here.

5. Monitor your tax account: Regularly check your IRS account at www.irs.gov to confirm the status of your tax return, verify that no unauthorized tax filings have occurred and update personal and contact information as needed.

6. Report suspicious tax-related activities immediately: If you suspect a scam or fraudulent activity, it’s crucial to report it to the relevant authorities right away. Whether you’ve received a suspicious message or believe your information has been compromised, reporting it helps prevent further harm. The IRS and other agencies have dedicated channels for reporting fraud, so take action as soon as you can to protect yourself and others from these schemes.

7. Invest in personal data removal services: Use a personal data removal service to remove your personal information from data broker and people-finder sites, which scammers often use to find phone numbers and email addresses. While no service promises to remove all your data from the internet, having a removal service is great if you want to constantly monitor and automate the process of removing your information from hundreds of sites continuously over a longer period of time. Check out my top picks for data removal services here.

8. Use direct deposit for refunds: This is the safest way to receive your tax refund, reducing the risk of mail theft, forgery or fraudulent check cashing.

9. Be wary of spoofed websites: Type the address of your actual tax prep site rather than clicking on a link from an email or advertisement. Investigate the domain before entering any confidential information.

10. Use an identity theft protection service: An identity theft protection service provides personal and financial monitoring and will try to help you if your identity is ever compromised. Identity theft companies can monitor personal information like your Social Security number, phone number and email address and alert you if it is being sold on the dark web or being used to open an account. They can also assist you in freezing your bank and credit card accounts to prevent further unauthorized use by criminals. See my tips and best picks on how to protect yourself from identity theft.

THE TAXING TRUTH: A STATE-BY-STATE ANALYSIS OF TAX TIME TRICKERY 

Kurt’s key takeaway

Tax season is here, and with it comes an increase in scams impersonating the IRS and targeting taxpayers. The good news is these scams are often easy to spot. If you receive a text message from the IRS asking you to provide personal information, it’s a red flag; it’s not from them. Be especially cautious of any links included in the message. A legitimate URL will always end in “.gov.” However, scammers may try to trick you by altering the link slightly, so look closely for any misspellings or strange characters. If in doubt, always verify through official channels.

Do you think AI is making it easier for scammers to impersonate legitimate organizations like the IRS? Let us know by writing us at Cyberguy.com/Contact.

For more of my tech tips and security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter.

Alert: Malware steals bank cards and passwords from millions of devices.

Ask Kurt a question or let us know what stories you’d like us to cover.

Follow Kurt on his social channels:

Answers to the most-asked CyberGuy questions:

New from Kurt:

Copyright 2025 CyberGuy.com. All rights reserved.