You should always be vigilant and skeptical about email communications you receive, but especially during the holiday season as you shop online.

Phishing attacks use email or malicious websites to get personal information from you. In many cases, the criminal fools you into believing the email is from someone you can trust. Emails often have the look and feel of authentic communications. These targeted messages can trick even the most cautious person into doing something that may compromise data.

Here are 6 examples of phishing scams from the IRS:

1. Emails requesting personal information. The thief might ask for bank account numbers, passwords, credit cards and social security numbers. This is the most common way thieves steal data.
2. An email that urgently warns you to update online financial accounts at a hyperlink provided in the email. The link goes to a fake site which looks legitimate.
3. A message with an email address spoofing a familiar address to look like a trusted business, friend, or family member. The fake address has a slight change in text, such as name@example.com vs narne@example.com. Merely changing the “m” to an “r” and “n” can trick people.
4. Emails saying the recipient has a tax refund waiting at the IRS or that the IRS needs information about insurance policies. The IRS does not initiate spontaneous contact with taxpayers by email to request personal or financial information.
5. An email that has hyperlinks in the message that take you to a fake site. In one example, the email says, “Following recent calculations, we notice that you are eligible to receive a refund. In order to start the refund procedure, please visit this link and follow the steps required.”
6. An email that includes a PDF attachment that may download malware or viruses. Never open an attachment from a suspicious email address.

  If you are unsure if an email is really from a legitimate source, contact who you think the sender of the email is directly via phone to verify. Its always better to be cautious.