IRS Warns of Higher Education Phishing Scam

Written by

The United States' Internal Revenue Service (IRS) has issued a warning over an ongoing phishing scam targeting higher education establishments in the United States. 

In a statement released yesterday, the IRS said that it was being actively impersonated over email by cyber-attackers seeking to trick victims into handing over sensitive data.  

Students and staff have received phishing emails directing them to a fraudulent website. The site asks users to provide their Social Security number, full name, date of birth, prior year annual gross income, driver’s license number, address, and electronic filing PIN. 

“The IRS' has received complaints about the impersonation scam in recent weeks from people with email addresses ending in '.edu,'" said the IRS. 

“The phishing emails appear to target university and college students from both public and private, profit and non-profit institutions.”

The scam emails display the IRS logo and use a number of different subject lines including "Tax Refund Payment" or "Recalculation of your tax refund payment." 

Recipients are asked to click a malicious link and submit a form to claim a tax refund.

The IRS is asking anyone who receives this scam email to save it and forward it as an attachment to

“Students and staff are not only dealing with the chaos of the pandemic, but now are being targeted in relation to their tax refunds,” commented Niamh Muldoon, global data protection officer at OneLogin.

“Distractions are plentiful as people start to reconnect and adjust to hybrid learning and schedules. Information floods in, typically by email and collaboration tooling. Unfortunately, recipients are often ill-prepared to determine if devices are configured with security in mind.”

Asked what schools and universities could do to protect themselves from phishing threats, Muldoon told Infosecurity Magazine: “Seeing that cybercriminals have consistently targeted academic institutions through various threat vectors, including phishing campaigns, it would be wise for these education institutions to offer support and training. 

“The training really should be provided prior to providing devices and online system access. It is only through security awareness training that students and staff can make better-informed decisions.”

She added: “Partnering with IAM trusted providers to implement two-factor authentication reduces associated risks of unauthorized access to education devices and systems.”

What’s hot on Infosecurity Magazine?