For years, criminals have attempted to impersonate the U.S. Internal Revenue Service (IRS), tax preparation services, and other entities during tax season.
However, this year, cybercriminals present an even greater threat due to increasingly sophisticated technology, according to Microsoft. The tech giant reported discovering several tax-themed phishing campaigns designed to deliver malware or remote access trojans (RATs) to unsuspecting users.
In one example, emails with subjects like “Notice: IRS Has Flagged Issues with Your Tax Filing” or “Unusual Activity Detected in Your IRS Filing” included attached PDFs containing embedded links. When users clicked these links, they were redirected to a phony DocuSign website that evaluated their system and IP address—potentially installing malware that could be exploited in future attacks.
“I think a huge part of this is generative AI, which is making these emails way more convincing. So the average consumer will say, ‘I don’t think this is real, but maybe it is,’” said Suzanne Sando, Senior Fraud and Security Analyst at Javelin Strategy & Research.
“We all know, and we push the point that the IRS is never going to call and ask for your information,” she said. “They’re never going to e-mail you and ask for information, but people are still going to give it up.”
A Barrage of Communications
While technology enables criminals to craft more convincing messages, phishing techniques have also become more effective because of the use of social engineering tactics that prey on common consumer concerns.
“A lot of consumers have likely not yet filed their taxes and are probably feeling the pressure of, ‘Oops, I have a week left and I will be looking for a tax preparation service to complete this for me,’” Sando said. “And we are also getting a barrage of legitimate emails from the H&R Blocks, the TurboTaxes, and all of the tax preparation services out there.”
“In between, you’re also getting the phishing emails that are posing as H&R Block, that are posing as TurboTax, maybe sending you text messages saying you filed in the past with TurboTax, click this link to get your return started,” she said.
Creating an Environment of Security
With scams becoming increasingly convincing, consumer education is essential. However, it’s equally critical that organizations avoid overwhelming customers with messages that mimic the tone and tactics used by criminals.
“Part of the problem is that some of these legitimate service providers are also emailing out real links and texting out real links,” Sando said. “It’s incumbent on the service providers and the government—any entity that is asking for personal information or payment for a service—they should be directing customers to their website, to download the secure app onto their mobile phone, and to get the process started that way.”
“We have to start creating that environment of security so that consumers just automatically can tell what is real and what isn’t,” she said.