Microsoft has detected a surge in sophisticated phishing campaigns timed to exploit heightened anxiety during tax season, as cybercriminals ramp up efforts to trick both individuals and businesses.
According to the company, criminals are sending fraudulent emails masquerading as tax refunds, payroll documents, filing reminders, and requests from tax professionals. These messages are intended to lure recipients into opening malicious attachments, clicking on suspicious links, or scanning harmful QR codes.
The scope of these attacks is significant. In one large-scale campaign detected last month, more than 29,000 users across industries—including financial services, technology, and retail—were targeted.
Microsoft researchers say the campaigns are not only aimed at individuals, but also professionals who regularly handle sensitive financial data. Accountants and similar roles are especially attractive targets because they are accustomed to receiving tax-related communications and often have access to valuable information.
More Convincing Every Year
Compounding the threat, phishing tactics have become more sophisticated, with attackers leveraging advanced tools to create more personalized and convincing messages.
“A huge part of this is generative AI, which is making these emails way more convincing, said Suzanne Sando, Senior Fraud and Security Analyst at Javelin Strategy & Research. “The average consumer will say: ‘I don’t think this is real, but maybe it is.’”
The IRS continues to stress that it doesn’t initiate contact with taxpayers via email, text, or social media, and it doesn’t demand immediate payment or threaten arrest over the phone. Official communication is typically sent through U.S. mail, making any deviation from that a strong indicator of a scam.
“We push the point that the IRS is never going to call and ask for your information,” Sando said. “They’re never going to email you and ask for information, but people are still going to give it up.”
Tax-Adjacent Scams
To illustrate how these attacks are carried out in practice, Microsoft highlighted several common tactics seen in recent campaigns, including:
- Tax-themed websites designed to trick users into clicking links under the guise of accessing updated forms
- Fake IRS messages promoting a “Cryptocurrency Tax Form 1099,” particularly targeting the education sector
- Emails impersonating clients seeking help with filing, leading to malicious links
- Targeted lures aimed at CPAs that are phishing kits to steal a victim’s email and password
