Tax Identity Theft via Email
Phishing emails impersonating tax authorities trick recipients into surrendering their national identification numbers and financial details, which fraudsters then use to file bogus tax returns and collect refunds.
Part of: Tax Identity Theft
Last reviewed: 1 June 2026
Email remains the primary delivery channel for tax identity theft attacks. Fraudsters send messages that closely mimic official communications from tax agencies, using authentic-looking logos, sender addresses that spoof official domains, and urgent language designed to pressure recipients into immediate action.
The goal is to obtain enough personal and financial data — typically a national tax identification number, date of birth, and prior-year income figures — to file a fraudulent tax return before the legitimate taxpayer does, claiming any refund into an account the fraudster controls.
How this scam works on Email
A phishing email arrives claiming the recipient's tax return has been flagged for review, that a refund is awaiting claim, or that additional information is required to avoid penalties. The message includes a link to a convincing replica of the official tax portal, where the victim enters their taxpayer identification number, previous addresses, and financial details.
In some variants the email requests that the recipient open an attachment — a PDF or Word document containing a form 'to be completed and returned'. The form asks for the same sensitive data in a format that appears to come from the official agency letterhead.
More sophisticated operations send preparatory phishing emails weeks before tax season claiming to update contact information, priming the target before the main attack. Once the fraudster has the necessary data, they file a return in the victim's name and redirect the refund to a prepaid debit card or cryptocurrency wallet.
Common red flags
- Email claiming a refund is available but requiring you to click a link and enter personal details
- Sender domain that looks almost but not exactly like the official tax authority domain
- Attachment requesting your tax identification number or previous-year income
- Urgency language warning of penalties for not responding within 24 to 48 hours
- Email received very early in tax season before you have filed your own return
- Request for a bank account number to 'update refund deposit details'
- Official-looking email that lacks your name or account number in the greeting
How to protect yourself
- File your tax return as early in the season as possible to beat fraudsters to a legitimate filing
- Register with your tax authority's online portal and set up two-factor authentication
- Never click links or open attachments in emails claiming to be from a tax agency — navigate directly to the official website
- Set up an Identity Protection PIN with your tax authority if one is offered
- Place a credit freeze with major credit bureaus, as tax fraud often accompanies broader identity theft
- Enable email security tools such as DMARC-aware spam filters that flag spoofed sender domains
How to report it
- Forward the phishing email to your national tax authority's dedicated phishing reporting address (e.g. [email protected] in the US)
- File an identity theft affidavit with your tax authority if a fraudulent return has already been filed
- Report to your national cybercrime unit and file a complaint with the relevant consumer protection agency
Frequently asked questions
What should I do if someone has already filed a tax return in my name?
Contact your tax authority immediately. Most agencies have an identity theft unit that can flag your account, reverse the fraudulent return, and guide you through filing a legitimate replacement. You will likely need to submit an identity theft affidavit and possibly a copy of a government-issued ID.