TLDR
Scammers are impersonating the Department of Government Efficiency (DOGE) in phishing emails sent to 1,800+ addresses across 350+ organizations. The emails claim recipients have been assigned a "DOGE agent" who can process tax refunds from "recovered government funds." ScamVerify™ analysis shows IPs traced to Nigeria, and the White House has confirmed these emails are fake. No government agency distributes refunds via email.
What the DOGE Phishing Email Looks Like
The emails follow a consistent template across all reported variants:
| Element | What the Email Says | Reality |
|---|---|---|
| Subject line | "Your DOGE Efficiency Refund - Action Required" | DOGE does not issue refunds |
| Sender | Various @doge-gov.us or @efficiency.gov domains | Neither domain is real |
| Claim | "Your assigned DOGE agent" will process your refund | DOGE has no agents assigned to individuals |
| Amount | $1,200 to $4,800 "recovered funds" | No such program exists |
| Action | Click link to "verify identity" and enter bank details | Credential harvesting and bank theft |
| Urgency | "Claim within 72 hours or funds are reallocated" | Artificial deadline to prevent verification |
The emails use official-looking seals, reference real DOGE leadership names, and include fake case numbers to appear legitimate.
Why DOGE Creates Perfect Scam Cover
The Department of Government Efficiency has generated significant public confusion since its creation in early 2025. That confusion gives scammers three advantages:
- Unclear scope. Most Americans do not know what DOGE actually does, so claims about "refunds from recovered waste" sound plausible.
- Constant news coverage. DOGE appears in headlines daily, making email subject lines referencing it feel timely rather than suspicious.
- No established communication channel. Unlike the IRS or SSA, DOGE has no well-known website or communication method, so recipients cannot easily verify whether an email is real.
Scammers exploited these same conditions with COVID stimulus payments in 2020 and 2021, when confusion about eligibility and payment methods led to a 3,000% spike in government impersonation fraud.
The DOGE and SSA Data Exposure Connection
The phishing campaign coincides with whistleblower allegations that DOGE personnel accessed Social Security Administration databases containing personal information on millions of Americans. While no confirmed data breach has been announced, the allegations create additional anxiety that scammers exploit.
Emails reference these allegations directly, with subject lines like "DOGE Data Exposure - Verify Your Information" and "Your SSA Records May Have Been Accessed." These variants do not offer refunds. Instead, they direct recipients to enter their Social Security numbers on fake verification portals.
How to Identify Fake Government Emails
Every federal agency follows specific communication rules. Knowing these rules makes fake emails obvious:
- The IRS never initiates contact by email. All IRS communications begin with postal mail.
- DOGE has no public-facing email system. It does not email individual citizens.
- No federal agency asks for bank details via email. Refunds go through established channels like direct deposit on file with the IRS.
- Real .gov domains are strictly controlled. Anything ending in -gov.us, -government.com, or similar variations is fake.
- Federal emails never include countdown timers or "act now" deadlines.
If you are unsure whether an email is from a legitimate source, our guide on how to spot a phishing email covers 10 specific elements to check every time.
Who Is Behind These Emails
Security researchers traced the campaign's sending infrastructure to IP addresses in Lagos, Nigeria. The operation uses bulletproof hosting providers and rotates domains every 48 to 72 hours to avoid takedowns. Over 350 organizations have received these emails, including:
- State and local government offices
- University administrative departments
- Small business owners
- Healthcare organizations
The attackers purchased email lists from data brokers, which is why the campaign hit such a wide range of targets rather than focusing on one sector. This pattern mirrors business email compromise tactics, where attackers research organizational structures before sending targeted messages.
What to Do If You Received This Email
- Do not click any links. Do not open attachments or reply.
- Report it to the Anti-Phishing Working Group at reportphishing@apwg.org.
- Forward the email to phishing@us-cert.gov (CISA).
- Delete the email from your inbox and trash.
- Check the sender domain using the ScamVerify email checker to verify whether the domain has been flagged.
If you already clicked a link or entered information, change your passwords immediately, enable two-factor authentication, and monitor your bank accounts for unauthorized transactions.
FAQ
Is DOGE a real government agency?
Yes, the Department of Government Efficiency is a real federal advisory body. However, it does not contact individual citizens, does not issue refunds, and does not have "agents" assigned to taxpayers. Any email claiming otherwise is fraudulent.
How did scammers get my email address?
Most likely from data broker lists, previous data breaches, or publicly available organizational directories. The campaign targeted 1,800+ addresses across 350+ organizations, suggesting bulk purchased lists rather than individually researched targets.
Could the government actually owe me a refund?
Tax refunds come exclusively through the IRS via IRS.gov. No other federal agency distributes tax refunds. If you are owed money from the government, you will receive a physical letter first, never an email.
What should I do if I entered my Social Security number?
Place a fraud alert with all three credit bureaus (Equifax, Experian, TransUnion), file an identity theft report at IdentityTheft.gov, and consider a credit freeze. Monitor your credit reports for at least 12 months.
Worried about a suspicious email? Check it with ScamVerify's email checker to analyze sender domains and detect phishing indicators.
