A tax scam is when a criminal pretends to be someone from the Internal Revenue Service (IRS) and tries to convince someone within your business to share your business’s Employer Identification Number (EIN) or other confidential information. The criminal uses this information to file a fraudulent tax return in your business’s name.

If you think your business is being affected by a tax scam, we recommend that you act immediately by following our guidelines below, and then proceed to our ReportRecover and Reinforce sections for further assistance.

Some Immediate Action Steps to Take

  • Contact the Internal Revenue Service (IRS) immediately to file a report. Call (800-366-4484) or submit a complaint online.
  • Respond immediately to any notices from the IRS. If you believe someone fraudulently used your business’s EIN, notify the IRS immediately using the contact information on the notice or letter.
  • Collect all relevant documentation related to the scam and keep them in a secure file. You may need to provide this documentation when you file a report.
  • Business Recovery Solutions: Find help with recovery by contacting one of our trusted partners.


Click Here to Report Your Incident to the FBI IC3

Reporting cybercrime incidents to the FBI Internet Crime Complaint Center (IC3) via the link above is very important! The more national reporting data that is collected, the better the chance law enforcement has to catch the criminals and decrease online crime. Although the FBI does not resolve individual complaints directly, they will make your report available to local, state and other law enforcement partners. FAQs about IC3 reporting can be found here. Please read the FBI/IC3 privacy policy here. (If you believe that you’ve received a phishing email, please forward the email directly to


These resources have been gathered, selected and vetted to help simplify the process of recovering after a cybercrime incident has taken place. You may need to contact organizations outside Results will vary depending on your circumstances.


Once you have notified the appropriate organizations and you are on the road to recovery, it is time to reinforce your cybersecurity using these resources and tools.

Implement Preventative Measures

  • Be aware that the IRS does not contact taxpayers by email, text messages or social media channels to request information. The first form of contact from the IRS will always come through the mail.
  • Establish procedures and open lines of communication with employees to help protect your business and lessen the impact of potential cybercrime.
  • Be sure websites are secure before submitting sensitive information. Find out how to spot a fake website.
  • Create strong passwords. Learn how from
  • Always enable a two-step/factor verification on your email, social media and other online accounts– which requires an additional code to log in.
  • Learn how to understand and address cybersecurity risks with the Cybersecurity and Infrastructure Security Agency (CISA) Cyber Essentials Toolkits.

Community Resources