Skip to content
SecForge
GUIDES · PHISHING

How to tell if an IRS text message is fake.

The IRS has one rule that cuts through almost every version of this scam: it does not initiate contact by text message. Here's what real scam texts look like, and what to do with one.

July 9, 20267 min read

A text message arrives claiming to be from the IRS. Maybe it says your refund is on hold, maybe it warns of a penalty, maybe it asks you to "verify" your identity or your account before a deadline. There's a link. It looks urgent, and it's built to feel that way on purpose.

This is smishing — SMS phishing — a message impersonating a trusted institution (in this case, the IRS) designed to get you to click a link, land on a convincing fake page, and hand over personal or financial information: your Social Security number, bank details, card number, or login credentials for a real tax or financial account. The text itself does no damage. The damage happens on the page it links to, and in what you type there.

These campaigns tend to spike around predictable moments: the run-up to the filing deadline, the weeks after a filing deadline when refunds are on people's minds, and any period when the news is talking about stimulus payments, tax credits, or IRS backlogs. Scammers borrow whatever is already on your mind and turn it into urgency. That's not a coincidence — it's the entire design of the message.

The rule that exposes almost every fake IRS text

The IRS's own published guidance on scams is direct about this: the IRS does not initiate contact with taxpayers by text message, email, or social media to request personal or financial information. It does not demand immediate payment through gift cards, wire transfers, or cryptocurrency, and it does not threaten to send local police or other law enforcement to your door over an unpaid balance.

That single fact does most of the work for you. Any text message claiming to be from the IRS that asks you to click a link about a refund, a penalty, or to "verify your identity" fails this test immediately — because the real IRS simply doesn't start conversations that way. If first contact from the "IRS" ever arrives as a text, you already know enough to stop reading and start deleting.

Common signs of a fake IRS text

Beyond the channel itself, the content of these messages tends to share a handful of tells:

  • Manufactured urgency. "Your refund is on hold," "immediate action required," "your account will be suspended" — all designed to make you act before you think.
  • An unfamiliar or shortened link. A domain that doesn't end in a real .gov address, often shortened or disguised so you can't see where it actually leads until you're already on the page.
  • Requests for sensitive data. Card numbers, bank account and routing numbers, Social Security numbers, or a one-time verification code — none of which the real IRS asks for by text.
  • Threats of arrest, deportation, or license suspension. This kind of aggressive, fear-based framing has been a hallmark of large-scale tax scam campaigns for years, precisely because fear short-circuits careful thinking.
  • Misspellings and awkward phrasing. Official IRS communications are proofread and formal; mass-sent scam texts frequently aren't.
  • A sender number that looks like a regular mobile number. Legitimate large-scale government notifications don't typically arrive from what looks like an ordinary ten-digit cell number, and sender numbers themselves are trivial to spoof — so a familiar-looking number proves nothing either way.

Any one of these on its own is a reason to slow down. Several of them together — which is typical — should be treated as confirmation.

Check the actual domain, not the words in the message

A link can contain the letters "irs" and still have nothing to do with the IRS. A domain like irs-refund-status.com or irs.payment-verify.net is not irs.gov — it just borrows the name to look legitimate at a glance. Real IRS online services live at irs.gov specifically, not at a lookalike domain, a subdomain trick, or a shortened link that hides the real destination.

Don't trust a link because the surrounding message sounds official or uses real IRS terminology like "refund," "notice," or "account." Check the actual domain before you click anything. If you're not certain, the safest move is to not click at all — open a browser and type irs.gov in yourself, rather than following any link a text message hands you.

This same trick shows up outside of text messages too — in emails, in ads, in search results. The pattern to watch for is always the same: extra words tacked onto a real-sounding name, hyphens where a real domain wouldn't have any, or an unfamiliar ending in place of .gov. None of that requires special tools to catch. It just requires actually looking at the address bar instead of the page's logo or wording.

What to do if you get one

Don't click the link. Don't reply to the text, even to say "stop" or "wrong number" — replying confirms your number is active and reaches a real person, which can lead to more targeting. Don't call any phone number included in the message.

If you have an actual tax matter you want to check on, go directly to irs.gov or call the official IRS number, but find that number independently — through the IRS website or a past official letter — never from the suspicious text itself. Then report the message: the IRS accepts reports of phishing texts and emails through its published phishing-report process, listed on irs.gov. Forwarding the scam text through that channel helps the IRS track and shut down active campaigns.

If you already clicked or entered information

If you only opened the linked page and didn't type anything, close it. Nothing further to do there.

If you entered personal information — your name, address, date of birth, or Social Security number — start monitoring your accounts closely and consider placing a fraud alert or a credit freeze with the three major credit bureaus: Equifax, Experian, and TransUnion. A freeze is free and it's the strongest step available to stop someone from opening new credit in your name.

If you entered payment or bank account details, contact your bank or card issuer immediately — see what to do if you entered your card on a fake website for the exact steps and timing that matter most.

If you're specifically worried about tax-related identity theft — someone filing a fraudulent return in your name, for instance — the IRS's Identity Protection PIN program is designed to prevent exactly that, and identitytheft.gov, run by the Federal Trade Commission, is the right place to start a personalized recovery plan no matter which type of identity theft you're dealing with.

Report it

If personal information was compromised, file a report at identitytheft.gov — it walks you through a recovery plan tailored to what was exposed. Report the phishing text itself through the IRS's phishing-report process on irs.gov, and file a general fraud report at reportfraud.ftc.gov, the FTC's consumer fraud intake that feeds law enforcement's broader pattern-tracking. For the full walkthrough on documenting and reporting a scam, see how to report a scam website.

The one-sentence version. The IRS does not text you first — that fact alone resolves almost every version of this scam.