Staying Ahead Of Tax Day-Related Cyber Threats

Expert advice for individuals and organizations.

April 15 is not only the deadline to file taxes, but the days leading up to Tax Day often see a surge in tax-related cyber threats and scams, according to several experts.

In a blog post earlier this month, researchers at cybersecurity company Check Point said they had identified a phishing campaign that impersonated the U.S. Internal Revenue Service down to the agency’s logo. The campaign tricked users into sharing sensitive information, allowing hackers to “steal user data effectively,” the researchers said.

With tax season, “where there's a known deadline looming, then cyber actors are going to be working to try and take advantage of that sense of urgency,” Harold Rivas, CISO at Absolute Security, which provides cybersecurity resilience and remediation solutions, told MES Computing.

Rivas said that tax time is ripe for threat actors to manipulate human nature and the sense of urgency many may feel about getting their taxes done.

“Oftentimes these threat actors, these cyber criminals, are going to be mindful of human nature and try to take advantage of human nature. So they either to try to trigger fear, meaning you've missed the [tax filing] deadline ... there was an error in your filing, or some other sense that triggers them, through a sense of urgency and a sense of fear to acting quickly, whether it's clicking on the link, following a link over to a mobile device or somewhere else where controls might be weaker to allow them to continue to perpetuate the fraud,” Rivas said.

Cybercriminals also tap into that most basic human vice – greed.

“The other angle that those criminals might take is to take advantage of the other human fallacy of greed. Hey, there's a new program no one's ever heard about. If you file this form now, we can offer you [a] $1,000 refund on your taxes – or something like that. So, fear, greed and a sense of urgency are going to be those key ingredients,” for perpetuating tax-related cybercrimes, he said.

AI is being used to up these financial-based attacks.

“Generative AI tools like GPT models and other language processors are being leveraged to craft increasingly sophisticated phishing attempts that can evade traditional detection methods,” Chris Simpson, director of National University’s Center for Cybersecurity, said in a statement to MES Computing.

“According to recent cybersecurity reports, voice cloning attacks and deepfake attacks targeting financial services increased by 118 percent in 2024,” he said. “Deepfake technology presents a significant and growing threat in tax-related fraud. Cybercriminals can now generate synthetic audio that mimics IRS agents or known tax professionals and clone the voices of people whom individuals trust (like your accountant) using just a few minutes of sample audio. The technology can also create video deepfakes for virtual meetings that can bypass visual verification and then combine these technologies with social engineering tactics to increase credibility.”

Tax time makes individuals and small-to-midsized businesses particularly vulnerable to threats because of “unique pressure points,” Simpson said.

One is the deadline pressure. “As businesses rush to meet filing deadlines, they may bypass security protocols or take shortcuts that compromise security,” he said.

Simpson also echoed Rivas’ point about a sense of urgency leaving some more vulnerable to attackers.

“Attackers exploit the urgency surrounding Tax Day, knowing that time-sensitive messages are more likely to succeed,” he said.

Combating Tax Day Threats

Rivas spoke about how Absolute Security’s platform can help organizations that face Tax Day and other cyber threats.

“We're not in necessarily the email security space, but on the end point where this attack is often perpetuated, we see opportunities to ensure that the security stack that you have deployed is always operational, meaning, as a defender of a corporate enterprise, corporate network, you want to ensure that the security stack you are trusting is in place, is always there. That's where the emphasis on cyber resilience comes through, where I know across every single computer in my company and for my customers, all of the security protocols are in place,” he said.

Simpson offered ways for people and organizations to protect themselves from tax-based and financial threats and scams:

- Implement strict access controls for financial and tax documents

- Use a virtual private network to access company data when working remotely

- Follow up any requests for money transfers in person or via Zoom with video on and verify tax preparers through the IRS directory: https://irs.treasury.gov/rpo/rpo.jsf

- Use filing form 14039-B if you suspect business identity theft: https://www.irs.gov/newsroom/report-identity-theft-for-a-business

Additionally, he urged businesses and individuals to file taxes early to prevent fraudsters from filing in your name. Be skeptical of all tax-related communications, especially those conveying urgency. Verify all communications through official channels. Hover over links to check destinations before clicking. And remember that legitimate government sites use .gov domains (not .com, .org, etc.).