Fake IRS tax refund deposit phishing — non-official sender falsely claims the recipient has an approved, pending, or expiring federal tax refund and requests bank account number, routing number, or direct deposit details to "process" the deposit, or links to a credential-harvesting portal impersonating the IRS or U.S. Treasury

Phishing emails falsely claiming the recipient has an approved, pending, or expiring federal tax refund — then requesting bank account numbers, routing numbers, or direct deposit details to "process" the payment, or directing them to a credential-harvesting portal that impersonates the IRS or U.S. Treasury website. The IRS exclusively uses postal mail for initial contact and only communicates about refunds through irs.gov or the official IRS2Go app — it never requests banking information by email. Key facts: (1) IRS Dirty Dozen 2024: phishing/smishing impersonating the IRS is consistently listed as one of the top 12 tax scams; IRS-branded phishing attempts spike January–April during tax season; (2) The IRS never sends unsolicited emails about tax refunds — all legitimate refund communications begin with a mailed letter to the taxpayer's address on file; (3) "Refund expires in 48 hours" is a false urgency tactic — federal tax refunds never expire on a 48-hour deadline; actual unclaimed refunds have a 3-year statute of limitations; (4) Credential portals mimic irs.gov with similar color schemes and government seals, and are hosted on lookalike domains (irs-refund.gov.net, tax-refund-portal.com). Warning signs: email contact from any non-irs.gov domain, request for bank account or routing numbers by email, artificial expiration deadline on a tax refund, click-to-claim link from an unsolicited email.