“The IRS would never call or email directly asking for personal information online. It is best to always ignore suspicious calls and emails and reach out to organizations, like the IRS, directly if there are any questions,” Chris Morales, head of security analytics at Vectra, told Threatpost.