Welcome back! Ask questions, get answers, and join our large community of tax professionals.
cancel
Showing results for 
Search instead for 
Did you mean: 

Email from IRS.online.services

Highlighted
Level 3

I received this email today allegedly from the IRS.  As far as I know I do not have an account with the IRS and don't have any password, other than the ones for my PTIN.  I don't know what IRS tools it is referring to, either.

Does anyone know if this is really from the IRS or if it is a fishing scam?  If it is real, to what account is it referring?

There have been three (3) unsuccessful login attempts on your IRS account. Our goal is to keep your data secure. For your protection, we have disabled access to your IRS account for 24 hours.

If you did not try to access your IRS account, we recommend the following action:

  • After the 24 hour lock has expired, log into an IRS tool with your username and password. When you log in, you will be given a chance to review your login history to ensure that no suspicious logins have occurred. The website will display a list of successful and failed logins when you log in.
  • A failed login means that your information was NOT accessed online.
  • If you continue to receive lockout emails and did not attempt to login, you may change your password for security purposes. You can do this by logging in after the 24 hour lock has expired and editing your profile.
  • The IRS reminds taxpayers to use a unique password for IRS online tools.

About this message:
We've sent you this automated email because your account access has been temporarily disabled. For your security, the IRS will never contact you for personal or financial information in an email. Please do not reply because we are not able to respond to messages sent to this email address.

0 Cheers
1 Solution

Accepted Solutions
Highlighted
Level 15

If I were you, I would do a full scan of the computer and network to make sure there's no infection, including keylogger.  I would then log onto e-services (without using any link in the email) to check if it's really been suspended and, if not, change the password immediately just in case.  With 2FA activated, it's not that easy to break into your account.

After all is done, forward the email to the IRS at [email address removed] and delete the copy in your email client/server, etc.

---------------------------------------------------------------------------------
Still an AllStar

View solution in original post

4 Replies 4
Highlighted
Level 15

If I were you, I would do a full scan of the computer and network to make sure there's no infection, including keylogger.  I would then log onto e-services (without using any link in the email) to check if it's really been suspended and, if not, change the password immediately just in case.  With 2FA activated, it's not that easy to break into your account.

After all is done, forward the email to the IRS at [email address removed] and delete the copy in your email client/server, etc.

---------------------------------------------------------------------------------
Still an AllStar

View solution in original post

Highlighted
Level 15

How prudent of Intuit as usual, removing a legit email address from the post </s>.  Here it is again...  Hope you can piece it together.

phishing at irs.gov

---------------------------------------------------------------------------------
Still an AllStar
Highlighted
Level 3

Thank you very much.

0 Cheers
Highlighted
Level 15

NP, @Chris268.  Anytime.

---------------------------------------------------------------------------------
Still an AllStar
0 Cheers