Same creepy robovoice … 3 different phone numbers … it must be tax refund time!

The IRS’ weekly tax stats for the third week of the tax processing season are just as depressing as the stats for the two preceding weeks. No doubt employees, who are normally anxious about their refunds anyway, have heard about what’s going on with tax refunds this year.

Con artists have heard, too. I know because three phishing robocalls from three different phone numbers landed in my voicemail last week. And anxious employees make mistakes, like clicking on links in emails.

Don’t take the bait

Phishers have had to become more sophisticated, since the W-2 scam has basically played itself out. So they’re targeting employees directly. Employees may receive what look like legitimate emails from HR asking them to review direct deposit information or from their bosses asking for their help in solving a problem while they’re rushing to a meeting.

The IRS also reported a somewhat new scam involving tax transcripts. The emails look like they come from the IRS and they’re designed to get recipients to click on an attachment that’s labeled “Tax Account Transcript” or “tax transcript,” which is infected with malware.


Now is a good time to remind employees how to spot these scams.

  • If an email is marked ***External Email use caution***, it can’t be from a colleague who’s using the company’s email.
  • Employees should look for misspellings or grammar-challenged text on websites or emails, invitations to click through or to provide Social Security numbers, and aggressive language regarding collection activities (including the use of iTunes cards). Also, emails from government agencies come from .gov domains. Employees should beware of URLs that end in .com, .org or .net.
  • If employees aren’t sure if an email is legit, they can mouse over or click on the sender’s name. If the sender’s details don’t match up, it could be spam.
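
For a mail or security team that wants to apply the same checks automatically, here is a short triage sketch. It is an added example, not from the IRS or from the original article, and it assumes a hypothetical colleague directory, a gateway that puts the external banner in the subject line, and constructed sample messages.

```python
import re
from email.message import EmailMessage
from email.utils import parseaddr

# Hypothetical values for illustration; none come from the article.
DIRECTORY = {"pat boss": "pat.boss@corp.example"}  # colleague name -> real address
BANNER = "external email use caution"
TRANSCRIPT = ("tax account transcript", "tax transcript")

def triage(msg: EmailMessage) -> list[str]:
    """Return which of the article's warning signs apply to one message."""
    display, address = parseaddr(str(msg.get("From", "")))
    address = address.lower()
    domain = address.rpartition("@")[2]
    subject = str(msg.get("Subject", "")).lower()
    signs = []
    # Sender shows a colleague's name, but the details behind it do not match.
    known = DIRECTORY.get(display.strip().lower())
    if known and address != known:
        signs.append("sender-details-mismatch")
    # A gateway-added external banner rules out a colleague on company email.
    if known and BANNER in subject:
        signs.append("external-banner-on-colleague-name")
    # Mail presented as the IRS should come from a .gov domain.
    if re.search(r"\birs\b|internal revenue", display, re.I) and not domain.endswith(".gov"):
        signs.append("irs-name-non-gov-domain")
    # Attachment labelled as a tax transcript (the lure the IRS reported).
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if any(t in name for t in TRANSCRIPT):
            signs.append("transcript-attachment")
    return signs

def build(sender, subject, attachment=None):
    """Construct a sample message (constructed test data, not a real email)."""
    msg = EmailMessage()
    msg["From"], msg["Subject"] = sender, subject
    msg.set_content("constructed body")
    if attachment:
        msg.add_attachment(b"placeholder", maintype="application",
                           subtype="octet-stream", filename=attachment)
    return msg

BOSS = build("Pat Boss <pat.boss@mail.example>",
             "***External Email use caution*** Quick favor before my meeting")
IRS = build("IRS Online <refunds@irs-refunds.example>", "Your transcript",
            "Tax Account Transcript.doc")

if __name__ == "__main__":
    for m in (BOSS, IRS):
        print(m["From"], "->", triage(m))
```

An empty result only means none of these particular signs fired; it does not mean the message is safe.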

Also warn employees not to Google the IRS’ website. If they want to track their refunds online, they can go to

And finally, report suspected phishing attempts to the IRS at