Avoid Tax Season Scams with Cyber Resilience

- With billions of dollars lost in tax fraud and trillions in total cybercrime, cybersecurity is a must-have during tax season
Cybercriminals represent a persistent threat to the security of sensitive data, but during tax season, businesses and individual filers must remain especially vigilant. In 2024 alone, the Internal Revenue Service (IRS) uncovered more than $2 billion in tax fraud. Tax season gives bad actors a ripe opportunity to deploy schemes aimed at stealing personal data and financial information. These tactics range from robust phishing attacks with artificial intelligence (AI) impersonation capabilities to simple breaches resulting from poor cyber hygiene and connection to unsecured networks. As the list of sophisticated cyberthreats continues to grow, proactive cybersecurity measures and habits become ever more important for staying one step ahead.
Tax Season Scams Demand Awareness
Tax season gives scammers and cybercriminals an entry point to target unsuspecting victims and cyber vulnerabilities. Although their attack vectors continually evolve, most of their success (and the resulting damage) comes from compromising sensitive data such as Social Security numbers, bank account information, passwords, and credentials. With this data, not only are tax returns at risk, but also personal and financial accounts at large. Let’s explore the popular methods of attack that bad actors depend on, especially during tax season.
- Phishing (Smishing/Vishing) – Contact from scammers that lures victims into providing sensitive information, typically by email, text, or phone call. Scammers and cybercriminals impersonate trusted sources and request personal data. During tax season, their angle may include tax refunds, false tax fraud claims, or posing as agents of the IRS, tax preparers/professionals, or individuals trusted by victims such as family, friends, and colleagues.
  - Remember: the IRS will only contact you by mail, under the official IRS seal and with the correct IRS contact information. It will never contact you digitally or via phone call with threats of lawsuits or requests for a taxpayer PIN.
- Unsecured Networks – Cybercriminals target unsecured networks, embedding malware and ransomware capable of mirroring keystrokes and shutting down access to critical systems. Once a network is infiltrated, sensitive information is left vulnerable to theft and fraud. Ensure that the websites you visit are secured, as well as the internet connection or Wi-Fi you use. Also, be wary of unsolicited links and attachments, as they often connect to unsecured networks laden with malware.
- Tax Scams – The IRS recently issued its Dirty Dozen list of common tax scams targeting taxpayers and businesses. These range from false tax credits and spear phishing of tax professionals to bad social media advice and third-party aid with creating IRS Individual Online Accounts. For tax scams to work, victims are often tricked into providing sensitive information. As tax scams become more creative and sophisticated, vigilance against suspicious activity from untrustworthy sources becomes more important.
Understanding the attacks cybercriminals tend to leverage helps guard against tax season fraud and broader cybercrimes. But awareness is not enough, which is why businesses and individuals must use proven cybersecurity controls to their advantage.
Cybersecurity Controls to Protect Against Tax Scams and Cybercrime
Implementing proven cyber protections makes safeguarding sensitive data much easier and more effective. With more than 1 in 3 (34%) U.S. adults experiencing a financial scam or fraud in the past year, cybersecurity controls offer a valuable way to reduce the impact of cyber-attacks and tax scams, as well as provide incident response capabilities when a breach occurs. Let’s take a deeper look at proven cyber protections recommended by the IRS and the Cybersecurity and Infrastructure Security Agency (CISA):
- Identity Protection PIN (IP PIN) – A unique code combination the IRS issues to prevent unauthorized tax filings under your Social Security number. This additional layer of protection limits the ability of cybercriminals to file a tax return with the credentials of someone else. IP PINs are renewed each calendar year to enhance security protections and make compromise even more difficult.
  - If interested in applying for an IP PIN from the IRS, find more information here.
- Enable Multi-Factor Authentication (MFA) – When accessing tax services online, or logging into privileged systems such as bank accounts and email, ensure you have MFA enabled. MFA means multiple layers of secured verification, such as username/password, phone and email verification, push notifications, and biometrics, used in conjunction before access is granted. Since MFA requires multiple verification methods, it dramatically reduces the ability of bad actors to access sensitive data.
- Improve Cybersecurity Hygiene – This is a regular set of practices, or routine behaviors, that individuals and enterprises follow to support the strength and security of devices, networks, and data. This comprehensive approach involves cybersecurity, incident response, business continuity and disaster recovery. Specific examples include:
  - Continuous monitoring
  - Frequently updating passwords and software
  - Encryption
  - Firewalls
  - Visiting secure “https://” websites
  - Participating in awareness training exercises
  - Regular backups
The combination of these hygiene practices helps mitigate the damage of cyber-attacks and tax scams, strengthening overall cybersecurity posture and safeguarding sensitive data. As cybercriminals are relentless when it comes to fraud, scams and data exploitation, businesses and individuals must show equal or greater vigilance against cyberthreats, especially during tax season.
Take a Stand Against Tax Scams and Cybercrime
The total cost of cybercrime has eclipsed $8 trillion and is projected to reach $10.5 trillion by the end of 2025. Reporting suspicious cyber activity and tax scams helps track and stop cybercriminals from causing further damage.
If you notice suspicious account activity and believe you are a victim of tax fraud or data compromise involving your Social Security number (SSN) or bank account credentials, contact the IRS or the proper authorities immediately.
To reach the IRS, call the number on an official IRS notice you’ve received or the IRS Protection Specialized Unit (IPSU) at (800) 908-4490.
Additional resources to report tax scams and cybercrime include:
- Tax Scam – Complete IRS Form 14242 if an electronic return is rejected
- EIN/Business Identity Theft – IRS Form 14039-B if an EIN was stolen or assigned on your behalf
- Identity Theft – IRS Identity Theft Central or FTC Identity Theft
- Cybercrime – File an IC3 complaint
Reporting cybercrime allows authorities to investigate crimes, trends and threats, as well as freeze and return stolen funds (in some cases). It takes a collective effort from individuals, businesses and authorities to slow the rapid spread of tax scams and cybercrime.
Trusted Partner for Cybersecurity and Risk Management
For over 15 years, Seneca Resources has delivered proven solutions for cybersecurity and risk management. We deeply understand the changing threat landscape and implement best practices to strengthen cyber posture and resilience. This includes risk assessment, cyber architecture, continuous monitoring, incident response, business continuity and disaster recovery, cyber training, etc. As such, Seneca has earned a strong reputation as a trusted partner solving the most important business and technology challenges for our customers.
To learn more about the cybersecurity solutions offered by Seneca Resources, please contact us at (205) 566-2390 or info@senecahq.com.