Tax refund scammers target university staff and students

"IRS" scam written on a keyboard

The Internal Revenue Service (IRS) has warned of ongoing phishing attacks impersonating the IRS and targeting educational institutions.


The present and the future of higher education IT

Exploring IT’s vital role during the pandemic and how they can help shape the university of tomorrow


The attacks focus on universities' staff and students with .edu email addresses and use tax refund payments as bait to lure unsuspecting victims.

The IRS said the phishing emails “appear to target university and college students from both public and private, profit and non-profit institutions.”

It added that the suspect emails display the IRS logo and use various subject lines, such as "Tax Refund Payment" or "Recalculation of your tax refund payment." Clicking on a link takes victims to a fake website that asks people to submit a form to claim their refund.

The scammers ask taxpayers to provide a wide array of information, including their social security number, first and last name, date of birth, annual gross income, driver's license number, current address, and electronic filing pin.

The IRS warned people who receive this scam email not to click on the link in the email but report it to the IRS.

“For security reasons, save the email using "save as" and then send that attachment to or forward the email as an attachment to,” the IRS said in a statement.

Taxpayers who may have provided identity thieves with this information should also get an Identity Protection PIN to prevent thieves from filing fraudulent tax returns in their names using stolen personal information.

Any scams reported to the Treasury Inspector General for Tax Administration will be investigated further by the IRS' Criminal Investigation division. Last year, the IRS identified over $2.3 billion in tax fraud schemes.

Chris Hauk, consumer privacy champion at Pixel Privacy, told ITPro that like every year, taxpayer-targeted fraud schemes are again plaguing US citizens.

“This is especially true these last two tax seasons, thanks to complications and confusion caused by COVID-19-related delays and tax law changes, as well as stimulus payments being delivered by the IRS,” he said.

“Taxpayers will need to be more vigilant than ever for possible hacking attempts. Users should never click links or open attachments sent with unsolicited emails or text messages. Users also want to be careful when opening documents, even from known sources, due to macros that can be used in MS Office documents. All users should immediately disable macros in MS Office apps."

Rene Millman

Rene Millman is a freelance writer and broadcaster who covers cybersecurity, AI, IoT, and the cloud. He also works as a contributing analyst at GigaOm and has previously worked as an analyst for Gartner covering the infrastructure market. He has made numerous television appearances to give his views and expertise on technology trends and companies that affect and shape our lives. You can follow Rene Millman on Twitter.