The Internal Revenue Service (“IRS”) has an active program of auditing tax-exempt bonds, and conducts those audits in a manner intended to ensure confidential information is not improperly disclosed. As part of those efforts, the IRS’s Tax Exempt and Governmental Entities (TEGE) Division has established its own secure electronic messaging service that may be used to securely transmit and receive data. However, we’ve recently seen emails purporting to be from the IRS regarding the use of its TEGE secure messaging service to respond to an audit of tax-exempt bonds, but that are actually phishing scams intended to steal data from the recipients. Issuers and borrowers should always be on the lookout for phishing or other suspicious emails, whether those appear to be from the IRS or other entities.