Report Phishing | Internal Revenue Service
Phishing exercises are a common practice for organizations to test their employees' awareness and response to phishing attempts. However, it is important to note that the Internal Revenue Service (IRS) does not grant permission to use "IRS" or its logo in phishing exercises. This applies to both vendor platforms and exercises conducted using open-source tools.
Prohibited Usage
You are strictly prohibited from using the IRS name or any colorable imitation of it (e.g., lRS, 1rs) in phishing exercises. Various government agencies have published guidelines stating that the name, logo, or insignia of a U.S. government agency cannot be used in a manner that suggests association or endorsement by the agency or its officials.
Tax-Themed Phishing Exercises
Phishing exercises that involve IRS, Treasury, or tax-related themes often lead recipients to believe that they have a tax-related issue. Some recipients may even attempt to report or resolve the issue with the IRS, tax preparers, or other external organizations.
To ensure compliance and avoid any confusion or unintended consequences, organizations are encouraged to coordinate with their human resources and legal departments before conducting any phishing exercises. It is also important to note that tax-themed exercises should not be conducted during tax season.
Precautions and Guidelines
Before conducting a tax-themed phishing exercise, the security team should advise employees to forward any suspicious emails to the organization's security team. This helps in identifying potential phishing attempts and taking appropriate action.
Organizations and vendors conducting phishing exercises should provide the necessary contact information (e.g., telephone number and email address) for the group responsible for the exercise on the exercise landing pages or similar platforms. This ensures that employees have a reliable source to reach out to if they have any concerns or questions.
It is crucial to emphasize that employees should not be directed to forward tax-related exercise emails to phishing@irs.gov or contact external organizations, including the IRS or tax professionals. This helps prevent unnecessary confusion and ensures that employees are aware of the proper channels for reporting suspicious activity.
Post-Notification
Tax-themed phishing exercises should always include a post-notification to inform recipients that their taxes have not been affected. This helps alleviate any concerns or confusion that may arise from the exercise.
In conclusion, while phishing exercises are an important tool for testing employee awareness, it is essential to adhere to guidelines and avoid using the IRS name or logo. By following these precautions and guidelines, organizations can conduct effective phishing exercises while maintaining compliance and clarity for their employees.