Printable Form 2026

IRS Publication 5433-C – Working Virtually: Part 4 – Avoid Phishing Scams

IRS Publication 5433-C – IRS Publication 5433-C, titled Working Virtually: Part 4 – Avoid Phishing Scams, is a concise guide from the Internal Revenue Service (IRS) released in August 2020. It forms part of a five-part “Working Virtually” series developed by the IRS and its Security Summit partners. The publication targets tax professionals, who increasingly rely on telework (remote or virtual work environments), to highlight the critical need to protect sensitive client tax data from cybercriminals. You can download the official PDF directly from the IRS website: https://www.irs.gov/pub/irs-pdf/p5433c.pdf.

Phishing remains one of the most common entry points for data breaches, especially in remote setups where workers may use personal devices or less secure networks. The core message of Publication 5433-C is straightforward: Most data thefts start with a phishing email trick. Cybercriminals exploit trust by impersonating legitimate sources to steal credentials, install malware, or gain access to valuable tax information.

Why Phishing Poses a Greater Risk in Virtual Work

The shift to remote work—accelerated by events like the COVID-19 pandemic—has expanded opportunities for scammers. Publication 5433-C specifically warns tax practitioners to stay vigilant against email phishing scams that exploit situations like Economic Impact Payments (stimulus checks) and other COVID-related programs. Thieves pose as trusted entities, such as:

  • Clients
  • Tax software providers
  • The IRS itself

This impersonation tricks users into revealing sensitive information or compromising systems.

How Phishing Emails Typically Work?

Phishing emails often share these red-flag characteristics:

  • Urgent or threatening language — Examples include claims like “your account password expired” or warnings of immediate account suspension.
  • Requests to act quickly — They pressure recipients to click links or open attachments without delay.
  • Fake links or attachments — Links may lead to counterfeit websites that mimic real ones (e.g., an IRS login page) to harvest usernames, passwords, or other data. Attachments can install malware that secretly steals credentials over time.

The publication stresses a simple rule: Remember, don’t take the bait.

Key Prevention Tips from IRS Publication 5433-C

To combat these threats, the IRS recommends practical steps tailored to virtual workers and tax pros:

  • Learn to recognize phishing — Train yourself and your team to spot suspicious emails by examining sender addresses, grammar errors, and unexpected requests.
  • Avoid clicking links or opening attachments in unsolicited or suspicious messages — Verify directly by typing the official website URL into your browser instead.
  • Implement “trusted customer” policies — For new or potential clients, confirm identity through phone calls or video conferences rather than relying solely on email.
  • Build a strong data protection plan — Combine this with other Security Summit recommendations (from companion publications in the series) to safeguard client information in remote environments.

These habits are essential for anyone working virtually, as home offices often lack the layered security of traditional workplaces.

Reporting Suspicious Activity

If you receive an email that appears to come from the IRS but seems fraudulent, forward it immediately to [email protected]. This helps the IRS track and disrupt scam operations. Taxpayers and preparers alike should use this channel for IRS-impersonation attempts.

For broader resources, visit the official IRS Security Summit page at www.irs.gov/securitysummit, which offers ongoing tips and updates on protecting tax data.

Staying Current: Phishing Threats in 2026

While Publication 5433-C dates to 2020, its core advice remains highly relevant. Phishing tactics have evolved, with scammers now using AI to create more convincing messages, texts (smishing), and even voice calls. Recent IRS warnings (as of 2025–2026) emphasize:

  • The IRS never initiates contact via email, text, or social media to request personal information, demand immediate payments, or threaten arrest.
  • Common current scams include fake refund notifications, Employee Retention Credit (ERC) schemes, clean energy tax credit fraud, and impersonation demanding payments via gift cards or wire transfers.
  • Red flags include urgency, threats, unusual payment methods, or requests to click links/verify identity unsolicited.

To stay protected today:

  • Enable multi-factor authentication (MFA) on all accounts.
  • Use official IRS channels (like IRS.gov) to check refund status or communications.
  • Report suspected scams to the IRS, Treasury Inspector General for Tax Administration (TIGTA), or the FTC.

By following the timeless guidance in IRS Publication 5433-C—don’t take the bait, verify sources, and report suspicious emails—you can significantly reduce your risk of falling victim to phishing in a virtual work environment. For the full details, refer to the official document linked above.