Trend Micro’s top tips how to avoid SSA, IRS, and FBI scams

On Thursday, March 7, we’ll celebrate National Slam the Scam Day, an initiative launched in the USA by the Social Security Administration’s Office of the Inspector General to raise awareness of government imposter scams. Imposter scams caused US consumers to lose nearly $2.7 billion in 2023 alone, and when bad actors impersonate the government, their deception can be especially convincing and concerning for potential victims.

In support of Slam the Scam Day, we’ve compiled a list of five US government imposter scams that you should be aware of. However, if you don’t live in the US, the advice in this post will help you recognize similar scams in your own country.

Keep reading to learn how to spot and avoid these deceptive schemes.

IRS Tax Refund Scam

Watch out for scammers impersonating the IRS and claiming that you’re due a tax refund. The communication will often say that you’re eligible for a tax refund, but you need to provide or update your address/bank details. Here are two examples of this scam:

These emails encourage you to click on the embedded button, which leads to a scammer-controlled website that prompts you to enter your personal information — and this is exactly what the scammers are after.

Don’t interact with such emails in any way and remember that the IRS will never initiate contact with you by email, text, or social media regarding a tax refund. If you are using a desktop device and you see a suspicious link, hover your mouse over it to uncover where it truly leads. If you are unsure if a link is legitimate, you can verify it at the Trend Micro Site Safety Center for free.

IRS Unpaid Tax Scam

Scammers may also impersonate the IRS and email you claiming that your tax payment was unsuccessful and that you need to repay. Inside the email there is an attachment containing a receipt for the refunded failed payment. Here’s what it looks like:

IRS Unpaid Tax Scam

However, the attachment is malicious and potentially capable of many nefarious behaviors, such as allowing the scammer access to your files/data and possibly even enabling them to spy on you through your device’s camera. 

If you’re ever suspicious of an email or you don’t recognize the sender, don’t click on any attachments. Also, did you notice any grammatical errors in the above scam? Always keep an eye out for poor spelling, punctuation, and grammar.

Social Security Number Suspension Scam

This scam is particularly scary because it claims that your Social Security number has been or will be suspended and often threatens you with legal action. Here are two examples:

The goal of this email scam is to scare you into calling the provided number. However, it won’t be a representative from the Social Security Administration (SSA) on the other end; it will be a scammer, whose goal is to trick you into sharing your valuable personal information.

If you receive a suspicious email from the SSA or any other government agency, don’t call any included numbers. Instead, visit the agency’s website directly using your usual search engine (such as Google, Yahoo, or DuckDuckGo) and use the contact information available there. For reference, the SSA’s legitimate phone number is 1-800-772-1213.

Fake FBI Email Scam

In this scam, the sender impersonates an FBI agent, claiming that you’ve been sent a package containing a large amount of money, but due to a lack of documentation the package has been confiscated, and you’re at risk of being arrested for money laundering. Here’s an example:

Fake FBI Email Scam

This scam email instructs you to reply within 72 hours and avoid contacting a bank or anyone else. The scammer does not want you to contact anyone else as you may uncover that this is a scam email. The 72-hour deadline places an urgency on you to respond quickly — this is a common tactic used by scammers.

If you look closely, you will see that the sender’s email address (which has been partially blurred) doesn’t resemble an official government/FBI email address in any way — a huge red flag that it’s completely bogus.

IC3 Fake Compensation Scam

This scam involves the scammer impersonating the Internet Crime Complaint Center (IC3) and falsely claiming that you’re eligible to receive over $1.7 million in restitution for being a victim of an online fraud scheme. Here’s what the scam email looks like:

IC3 Fake Compensation Scam

Of course, it’s simply not true; the scammer’s goal is to entice you into contacting the included email address. If you were to do as instructed and send an email, a scammer would begin corresponding with you with the goal of tricking you into sharing your personal information. 

Top Tips to Slam the Scam!

National Slam the Scam Day is designed to raise awareness about US government imposter scams, but no matter where you live in the world, the following tips will help you avoid becoming a victim of a government imposter scam.

Red Flags of Government Imposter Scams

  • The scammer does not provide valid contact information.
  • They show authority and knowledge about your personal information.
  • They establish rapport by offering assistance or building a false sense of trust so that you may lower your guard and share valuable personal information.
  • They create a sense of urgency and request you to take immediate action.
  • They prompt you to click on links or contact a phone number or email address.
  • The sender’s email address or phone number is suspicious and appears to be non-governmental.
Slam the Scam

If you receive a suspicious phone call, email, or text: 

  • Pause and take a deep breath. Remember, scammers are tricksters.
  • Trust your gut instinct, not caller ID.
  • Hang up and/or block the number.
  • Report it to the official organization the scammer was impersonating.
  • Do not click on links or open attachments.
  • Be suspicious of requests for payment that you did not initiate or expect.
  • Do not share your personal information such as passwords, one-time verification codes, or bank account details.
  • Do not call phone numbers or correspond with email addresses provided to you from unsolicited communications.
  • Check the sender’s email address or phone number. For example, if the email claims to be from a government agency yet the email address ends in, it is not to be trusted.
  • Locate the government agency’s official contact information by visiting its website.

Check If Your Personal Information Has Been Leaked Online

If you’ve ever received an email, text message or phone call that you suspect is a scam, it may be the case that your personal information has been leaked online. Both the internet and the dark web are hotbeds for leaked personal information, so if your personal data is visible in either of these places, it is easily accessible to cybercriminals.

Fortunately, with Trend Micro ID Protection, you can find out if your email address and/or phone number have been compromised — quickly and completely free of charge.

Try ID Protection It’s free

Click here to search the internet and dark web for your data using ID Protection’s Data Leak Checker.

Need to Report a Government Imposter Scam?

You can report government imposter scams to the Federal Trade Commission.

As for Social Security-related scams and fraud, you can report them to the Social Security Administration.

If you found this article interesting and helpful, please share it with your friends and family to help keep the online community secure and protected. Also, please consider clicking the LIKE button below and leaving a comment to tell us what you think!

Avril Ronan
Avril Ronan

Avril Ronan is Global Program Manager of the Internet Safety for Kids and Families Program at Trend Micro. Avril is best known for working in community; engaging students, parents, educators and senior citizens in the conversation about online safety. The ultimate goal of each conversation is to empower people to be online in safe, responsible and successful ways. As a regular public speaker, Avril collaborates with academia, law enforcement, industry and government having coordinated and delivered programs to date around the world such as What’s Your Story?, Cyber Academy (now in 19 languages), and the #StayAtHome
Webinar Series.