IRS Dirty Dozen 2026: how to tell a tax refund text from a real IRS notice

On March 5, 2026, the IRS announced its Dirty Dozen tax scams list for 2026. The first item on the list was IRS impersonation by email and text, including phishing and smishing messages that may claim taxpayers need to verify an account, claim a refund, or click a QR code.

That is the practical problem.

The scam does not always look like a cartoon villain.

Sometimes it looks like a normal text message.

Sometimes it says your refund is waiting.

Sometimes it says your account needs verification.

Sometimes it uses a QR code because apparently scams got a product-design department.

If you are waiting for a refund, a message like that can hit exactly the wrong part of your brain.

The part that says:

Maybe this is real.

Do not let that part drive.

This article is for U.S. taxpayers who received an IRS-looking text, email, direct message, call, or letter in 2026 and want a practical way to decide what to do before clicking anything.

It is educational, not tax, legal, cybersecurity, or identity-theft recovery advice.

If money or personal information was stolen, follow the IRS recovery steps and consider contacting your bank, the FTC, IdentityTheft.gov, and a qualified professional.

The goal here is simple:

Spot the fake message before it becomes your problem.

The short answer

If you get an unexpected tax refund text claiming to be from the IRS, treat it as suspicious.

The IRS says suspicious IRS-related texts should not be answered, links or attachments should not be opened, and the message information can be sent to phishing@irs.gov with the subject line Text.

The IRS also says suspicious texts can be forwarded to 7726 or reported to the FTC.

Here is the quick decision table.

Message says	Safer first move
“Click to claim your IRS refund”	Do not click
“Verify your IRS account now”	Go directly to IRS.gov, not the link
“Scan this QR code for refund status”	Do not scan
“Pay now or be arrested”	Hang up or ignore, then verify
“We are the IRS on social media DM”	Treat as suspicious
Real-looking mailed IRS notice	Verify notice on IRS.gov or through your IRS account

The most useful rule:

Do not use the contact path the message gives you.

Use a known official path.

That one habit blocks a lot of nonsense.

What the 2026 Dirty Dozen says

The IRS Dirty Dozen is an annual list of common tax scams.

For 2026, the IRS highlighted threats to taxpayers, businesses, and tax professionals during filing season and beyond.

The 2026 list included:

• IRS impersonation by email and text;
• AI-enabled IRS impersonation by phone;
• fake charities;
• misleading tax advice on social media;
• identity theft involving IRS Online Account access;
• abusive undistributed long-term capital gains claims;
• bogus self-employment tax credit promotions;
• ghost preparers;
• non-cash charitable contribution schemes;
• overstated withholding schemes;
• spear-phishing and malware campaigns targeting tax professionals.

For a refund-text reader, the most urgent item is number one:

IRS impersonation by email and text.

The IRS described scammers sending emails, direct messages, and texts that appear to come from the IRS.

These messages may use alarming language, QR codes, fake IRS websites, refund claims, or account verification prompts.

That is exactly the trap.

The message tries to make the taxpayer act before thinking.

Why refund texts work so well

Refund anxiety is real.

People check refund status.

People wait for direct deposit.

People worry that something is stuck.

So a message saying “your refund is ready” or “verify to release your refund” lands at the perfect time.

Scammers use that timing.

They also use pressure.

Common hooks include:

• unclaimed refund;
• account hold;
• missing information;
• refund release;
• tax debt threat;
• fake legal warning;
• fake verification link;
• QR code to a fake website;
• social media direct message from an IRS-looking account.

The scam does not need to be beautiful.

It only needs one click.

One link can lead to a fake login page, malware, ransomware, identity theft, or a request for Social Security number, bank details, or payment information.

That is why the answer is boring:

Do not click.

Go around the message.

Real IRS contact vs fake contact

The IRS says it generally contacts taxpayers by mail first.

The IRS phishing reporting page also says the IRS does not send emails without permission and does not send text messages without permission.

For phone calls, the IRS says it never calls to demand payment now, threaten arrest, or inform you of a refund.

Use this table.

Contact type	Red flag
Text	Unexpected refund or verification link
Email	Attachment or link asking for account login
Social media DM	IRS-looking account asks for personal info
Phone call	Threatens arrest or demands immediate payment
Letter	Claims unclaimed refund or debt relief and asks for unusual response
Website	URL is not IRS.gov

Not every mailed letter is fake.

Not every phone call in the tax world is impossible.

But an urgent message asking for personal information through an unexpected link should not be trusted.

Especially if it asks for:

• Social Security number;
• IRS Online Account credentials;
• bank account;
• debit or credit card;
• driver license;
• identity documents;
• one-time passcode;
• crypto payment;
• gift card payment.

The IRS does not need you to buy gift cards to release a refund.

If a refund needs gift cards, congratulations, you have met a scam.

The refund text checklist

Before you click anything, run this checklist.

1. Was the message expected?
2. Did it arrive by text, email, or DM?
3. Does it claim to be from the IRS?
4. Does it promise a refund?
5. Does it create urgency?
6. Does it ask you to verify personal information?
7. Does it include a link?
8. Does it include a QR code?
9. Does the URL clearly end in irs.gov?
10. Does it ask for payment now?
11. Does it threaten arrest?
12. Does it ask for account login?
13. Does it ask for a one-time code?
14. Does it ask you to reply?
15. Can you verify the issue by going directly to IRS.gov?

If the message fails any of these checks, stop.

Do not reply.

Do not click.

Do not scan.

Do not call the number in the message.

Use IRS.gov directly.

The scammer gave you a door.

Use a different door.

What to do with a suspicious IRS text

The IRS reporting page gives a specific path for suspicious IRS or Treasury text messages.

If you get one:

1. Do not reply.
2. Do not click links.
3. Do not open attachments.
4. Send information to phishing@irs.gov with the subject line Text.
5. Include the sender’s phone number and text contents.
6. Include the recipient’s phone number.
7. Include the date, time, and time zone received.
8. Delete the original text.
9. Consider forwarding the text to 7726 to help your wireless provider.
10. Consider reporting to the FTC.

That is a lot, but the first three are the big ones.

Do not interact.

Collect enough information to report.

Then remove the trap from your phone.

If you already clicked or entered information, move to damage control.

Different problem.

Different checklist.

What to do with a suspicious IRS email

For a suspicious IRS or Treasury email, the IRS says:

• do not reply;
• do not click links;
• do not open attachments;
• send the email to phishing@irs.gov;
• use an IRS or Treasury subject line as appropriate;
• report to TIGTA;
• delete the email.

The safest method is often to save the email as a file or forward it as an attachment if your email provider supports that.

The IRS notes that ordinary forwarding can strip some data that helps identify and stop the scammer.

For normal taxpayers, the key is simple:

Do not have a conversation with the email.

Report it.

Delete it.

Then check your tax account through an official route if you are worried.

What to do with an IRS-looking social media message

The IRS says it does not send direct messages by social media.

That should be enough.

If an account on social media claims to be the IRS and asks you to verify tax information, treat it as fake.

Report the account to the social platform.

Send the full URL of the social media account to phishing@irs.gov with the subject Social media.

Then stop interacting.

Do not send screenshots of your tax transcript.

Do not send your Social Security number.

Do not send a selfie with your ID.

Do not send a one-time code.

Real tax administration should not feel like sliding into DMs.

What to do with a suspicious IRS phone call

The 2026 Dirty Dozen list includes AI-enabled IRS impersonation by phone.

That means phone scams are not just old-school call centers anymore.

They may use robocalls, voice mimicry, or spoofed caller ID.

The IRS says it generally contacts taxpayers by mail first.

It also says it does not leave urgent threatening prerecorded messages, call to demand immediate payment, or threaten arrest.

If you get a suspicious IRS-related call:

1. Do not give personal information.
2. Do not make payment during the call.
3. Record the number if possible.
4. Hang up.
5. Report it to TIGTA or call 800-366-4484.

Caller ID is not proof.

Voice confidence is not proof.

Urgency is not proof.

Official verification beats vibes.

Every time.

What if you got a real IRS letter?

Some IRS letters are real.

The trick is not to panic or blindly trust.

The IRS reporting page says if you get a letter claiming to be from the IRS, verify it is really from the IRS.

Use official routes:

• search IRS notices and letters on IRS.gov;
• sign in to your IRS Online Account directly;
• use the contact information on IRS.gov, not just a suspicious letter;
• compare notice number, tax year, and requested action;
• keep copies of any letters you send.

Real notices usually have a notice or letter number.

They refer to a specific tax year.

They tell you what the IRS changed, needs, or believes is due.

A fake notice may lean on vague fear:

• unclaimed refund;
• immediate lien;
• debt relief offer;
• unusual payment method;
• QR code to non-IRS website;
• pressure to call a number that is only on the letter.

If the letter looks odd, verify before acting.

Paper can lie too.

It just lies with better posture.

If you already clicked

If you clicked a link but did not enter anything, still be careful.

Consider:

• closing the page;
• not downloading anything;
• running a security check on your device;
• changing passwords if you typed them;
• enabling multifactor authentication;
• watching your IRS Online Account;
• monitoring financial accounts.

If you entered personal information, the IRS “If you were scammed” page says to take steps to limit damage.

It recommends immediately stopping interaction with the scammer, not sending money or sharing more information, contacting your financial institution, and following IdentityTheft.gov steps if identity information was stolen.

The IRS also suggests getting an Identity Protection PIN to help prevent someone from filing a tax return in your name.

This is not the moment for embarrassment.

Scams work because they are designed to work.

Move fast.

Protect the account.

Report the incident.

If someone used your information

If someone used your Social Security number or ITIN to file a tax return, the IRS recovery path may involve identity theft steps.

The IRS page says that if someone used your information to file a tax return, you can get a copy of the return and submit Form 14039, Identity Theft Affidavit, online or by mail.

If your return is rejected because someone already filed using your SSN or ITIN, report it to the IRS.

Also consider:

• IdentityTheft.gov;
• your state tax agency;
• your IRS Online Account;
• an IP PIN;
• your bank;
• credit monitoring or freezes if appropriate.

Do not let a fake refund text turn into next year’s filing problem.

The sooner you lock down identity and tax access, the better.

Dirty Dozen items that can look like refund help

Not every scam arrives as “IRS refund text.”

Some scams pretend to be advice.

The 2026 Dirty Dozen included misleading tax advice on social media, bogus self-employment tax credit promotions, overstated withholding schemes, and abusive Form 2439 claims.

Those can all look like ways to get a bigger refund.

That is the dangerous part.

The message may not say “I am the IRS.”

It may say:

• “Use this tax hack for a bigger refund”;
• “Everyone qualifies for this credit”;
• “Report zero income and huge withholding”;
• “Claim this investment fund credit”;
• “Your preparer can unlock a refund”;
• “This secret refund is being suppressed.”

The IRS warns that false information can lead to refund delays, audits, penalties, or worse.

So the refund scam checklist should cover both:

1. Fake IRS messages.
2. Bad refund advice.

One steals your information.

The other may make you file a bad return.

Neither is your friend.

Real notice or scam: side-by-side table

Sign	More likely legitimate	More likely scam
First contact	Mailed notice	Unexpected text, email, DM
Website	IRS.gov	Lookalike URL
Tone	Specific tax issue	Urgent fear or reward
Refund claim	Shown through official IRS tools	Link says “claim now”
Payment demand	Official payment options	Gift card, crypto, wire pressure
Identity request	Through secure official process	Reply with SSN or code
Social media	Public IRS accounts only	DM asking for personal info
Phone	Not immediate arrest threats	Threatens arrest or demands payment
Action	Verify through IRS.gov	Click link or scan QR

Use the table before emotion takes over.

Refund season is a weird time.

Everyone wants the money to arrive.

Scammers know that.

A safe verification routine

When something claims to be from the IRS:

1. Stop.
2. Do not click the link.
3. Open a fresh browser.
4. Type irs.gov yourself.
5. Check official IRS tools or your IRS Online Account.
6. Search IRS notice numbers directly on IRS.gov.
7. Report suspicious messages through the IRS reporting page.
8. Keep records.

This routine is not exciting.

It is supposed to be boring.

Security is often the art of being boring at the right moment.

Related Reading

• Filed a 2026 tax extension with Form 4868: what still had to be paid by April 15?
• Excess Roth IRA contribution after Tax Day 2026 – recharacterization, extension, and Form 8606 checklist

FAQ

Does the IRS text people about refunds?

Treat unexpected refund texts as suspicious.

The IRS says it does not send text messages without permission, and the 2026 Dirty Dozen specifically warns about IRS impersonation by email and text.

What should I do with a suspicious IRS refund text?

Do not reply, click links, or open attachments.

Send the sender number, message contents, recipient number, date, time, and time zone to phishing@irs.gov with the subject line Text, then delete the original text.

You can also forward the text to 7726.

Can a QR code in an IRS-looking message be dangerous?

Yes.

The 2026 Dirty Dozen warning says scammers may use QR codes that lead to fake IRS websites.

Do not scan unexpected QR codes from IRS-looking texts, emails, or DMs.

Does the IRS call and threaten arrest?

No.

The IRS says it does not leave urgent threatening prerecorded messages, call to demand immediate payment, or threaten arrest.

Hang up and verify through official channels.

What if I already gave personal information to a scammer?

Stop interacting, do not send more money or information, contact your financial institution, follow IdentityTheft.gov steps if identity information was stolen, and review IRS identity theft guidance, including an IP PIN.

참고 자료/공식 출처

• IRS, “Dirty Dozen tax scams for 2026: IRS reminds taxpayers to watch out for dangerous threats”, IR-2026-30, published 2026-03-05
• IRS, “Be aware of Dirty Dozen tax scams for 2026”, published 2026-04-10
• IRS, “Report fake IRS, Treasury or tax-related emails and messages”, accessed 2026-04-27
• IRS, “Tax scams: What to know, what to do”, accessed 2026-04-27
• IRS, “If you were scammed”, accessed 2026-04-27