That QR code isn't really from the I.R.S.

As a tax person, I'm on an email mailing list with a bunch of top-notch tax professionals. One of them sent this message to the group yesterday. Every taxpayer should read it:

One of my clients forwarded me a letter they believed was sent by the IRS.  The letter purports to be IRS Notice CP53E.  The notice states that the IRS couldn’t direct deposit the taxpayer’s 2025 Form 1040 refund. 

The real IRS Notice CP53E is sent to taxpayers when incorrect or incomplete bank account information was entered on the taxpayer’s return.  The legitimate notice provides a secure way to update your bank account online within 30 days of the notice.  An authentic notice also states that, if no action is taken, a paper check will eventually be issued, but the refund will be delayed because it takes longer to process a check.

The fake notice appears amazingly identical to the real notice but states that the taxpayer has 30 days to provide the IRS with a new or updated account number and provides a QR code to access the taxpayer’s online account.  The QR code is not legitimate and taxpayers are tricked into providing their bank account information to the scammers.  The IRS never requests bank account or other personal information over the phone or via a QR code.

The fake notice also states that, if you cannot provide updated bank information using the QR code, to call an 800 number.  That phone number is not legitimate. 

I am astounded at the Notice's apparent authenticity.  The notice that my taxpayer received, included a peculiarity in the spelling of my client's name.  The IRS has misspelled her last name in their database.  The notice contained that identical misspelling, so I wonder whether the IRS database has been hacked.

Be super-careful with that bank account information, kids,

UPDATE, Wednesday afternoon: The envelope in which the phony notice came had this for postage: