March 12, 2025
With tight deadlines and changing requirements, tax season can be overwhelming. This yearly event is a prime opportunity for scammers looking to exploit confusion and urgency. Last year’s newsletter laid out strong cybersecurity practices to be followed at tax time; now is a great time to review and utilize those tips in conjunction with the information below.
Threat actors are staying informed on the latest technology advances and using cutting-edge platforms and techniques to try and steal personally identifiable information (PII) and money. The Internal Revenue Service (IRS) annually compiles the “Dirty Dozen,” which lists a variety of common scams facing taxpayers. These scams can happen at any time, but many ramp up during tax filing season.
Learn more about emerging threats for taxpayers, as well as simple strategies to combat cybercriminals and keep your data safe.
- Learn to recognize Artificial Intelligence (AI) phishing.
- Threat actors can use AI tools to generate fraudulent phishing messages that accurately mimic logos, styles and language that a company, such as a bank or tax agency, would use.
- Check the sender’s email address for clues indicating fraud, such as misspelled names or domains.
- Never click links or download attachments from any unsolicited messages.
If you believe the message could be legitimate, call the sender directly with a phone number found on their official website.
- Avoid imposter phone calls asking for personal information.
- Be wary of unsolicited calls from anyone claiming to be from the IRS or a tax preparer. Tax agencies will not typically ask for personal information over the phone.
- If you think the call could be legitimate, hang up and call the agency or preparer back using an official number.
- Threat actors can use “caller ID spoofing” where the phone call appears to be coming from the actual organization. Calling them directly is a safe way to make sure you’re speaking to a legitimate representative.
Never give payment over the phone. Avoid wiring money or sending gift cards as payment.
- Know the signs of social media scams.
- Many tax preparers advertise on social media. Unfortunately, scammers also use these platforms and can mimic these ads. Rather than clicking on an ad, navigate to the preparer’s official website if you wish to learn more.
- Scammers can pose as a friend or colleague to gain trust and coerce financial or tax-related information out of you. Verify with them offline that the request or message is legitimate before engaging.
- Friend requests or messages offering tax assistance or higher refunds are likely scams. Ignore and delete these messages.
Do not share personal tax information or other personal information on social media. Cybercriminals can gather data and use it to send you targeted phishing messages.
- Don’t fall for fake refund scams.
- Do not trust refund offers that promise exorbitantly higher returns. These are typically scams designed to steal your information.
- Refund claims will only come from the IRS or your trusted tax preparer.
- A common tactic of threat actors is to ask for your bank account information to “process” the refund. Protect your banking information by only sharing information through secure channels.
- Safely exchange and store tax documents and records.
- Use only encrypted email services or secure document-sharing platforms to send your tax documents to your preparer. A legitimate tax preparer will have a preferred service they trust for clients to use.
- Do not send any sensitive information via unencrypted email or any form of SMS (text) messaging.
- If you upload tax documents using a shared platform, check that it offers multi-factor authentication (MFA) and password protection for added security.
- Hand-deliver documents to the tax preparer when possible.
- If storing digital copies of tax records, be sure to use a trusted cloud service or external hard drive in a secure, encrypted location.
- Keep physical copies of tax documents under lock and key in a location only you know about.
- Report scams to the authorities.
- IRS victims of identity theft: IRS Identity Theft Central
- IRS, Treasury, and tax-related online scams: Report Phishing
- Federal Trade Commission: Report Fraud
- Treasury Inspector General for Tax Administration (TIGTA): Report IRS-related Impersonation
- U.S. Treasury Inspector General for Tax Administration: Submit a Complaint
- Internet Crime Complaint Center (IC3): Report Cybercrime
The cyber threat landscape constantly changes, and the amount of information exchanged in tax season is a gold mine for cybercriminals who are always crafting new scams. Staying proactive and up to date on these threats is the best way to protect yourself and your information. Follow these tips and share them with friends and family to safely navigate tax season.
Cyber Habit of the Month
Email has evolved into one of the most useful tools in our daily lives. We receive emails about calendar invites, news stories, receipts, bills and more on a daily basis. While some of these messages are useful, many are not important and pile up very quickly.
A cluttered inbox can make it difficult to use and organize your email successfully. Additionally, having so much personal information haphazardly stored in your inbox could be dangerous. If threat actors gain access to your email account, they may be able to glean PPI from messages.
The “Inbox Zero” strategy is making waves as a way to increase productivity and keep email inboxes close to empty. Start by deleting unimportant emails as soon as they are received. Set aside a bit of time each day to delete and organize your inbox based on importance. While the task may seem tedious at first, you will have more free time and reduce fatigue from the constant barrage of emails.
Additional Resources
National Cybersecurity Alliance: Tax Season Security Tips