2024 Gartner® Market Guide for Managed Detection and Response
2024 Gartner® Market Guide for Managed Detection and Response Get the Report
How Your Business and Employees Can Outsmart Tax Scammers
How Your Business and Employees Can Outsmart Tax Scammers
Tax season is a busy time for finance and payrolls teams, accountants—and scammers. While tax fraud is a year-round problem, the IRS warns that scammers exploit the busy tax season to escalate attacks.
Many scams are targeted at individuals, but businesses are not immune. And even though fraudsters use tried-and-true schemes, such as IRS impersonation, they’ve added generative AI to their arsenal. It’s easier than ever to craft communications that deceive finance and payroll teams—and your employees—into sharing sensitive data.
To protect your employees and your organization against tax scams this season, it’s important to:
Understand how scammers use emotion to trick victims.
Know the common scams fraudsters use.
Learn how AI enables more successful attacks.
Practice good cybersecurity hygiene.
Scammers’ Scare Tactics
The IRS notes how scammers mislead potential victims about tax credits, and payments. They want personal, financial or employment information to fraudulently file tax returns can get refund—or your money. There are red flags that a tax scammer may be at work:
Create a sense of urgency
Use isolation tactics or threats
Promise a big payday
Set up suspicious website links
It all comes down to emotion. “When people are under pressure and under anxiety, they might do something with the speed that they’re not thinking through it and not doing their research,” said Amy Nofziger, director of victim support at the AARP Fraud Watch Network.
The Tricks of a Tax Scammer
Here are a few common scams to watch out for in 2025:
IRS Impersonation
Scammers pretending to be from the IRS work in a number of ways:
Initiate contact by email or over social media asking for personal or financial information.
Send text messages offering tax relief, tax credits, or help creating an online account.
Set up fake websites pretending to be the IRS.
Use phone scams: Pretending to be the IRS, scammers call taxpayers, threatening arrest, deportation, or other consequences.
Demand immediate payment with gift cards.
Form W-2 Email Scam
A scammer, impersonating a company executive, will send a fraudulent email to HR or payroll requesting they immediately send W-2 data, which includes wages earned, taxes withheld, and social security numbers. The fraudster uses this confidential information to file fraudulent returns for tax refunds.
Invoice Fraud
Fraudsters use false invoices to claim a transaction that never took place, or to inflate the value of a genuine transaction. This allows a business to reduce their taxable income by deducting the amount of the fraudulent invoice. Invoice fraud enables a scammer to:
Avoid paying taxes
Launder money
Finance illegal activities
Defraud the IRS
Tax Scams in the Time of AI
AI makes it easier for scammers to get access to a legitimate email account through phishing—an attack known as business email compromise (BEC). Fraudsters can mimic the tone and style of genuine communications to request sensitive tax documents or transfer money. Scammers may also use deepfake videos, audio, or images to trick employees.
Smarter than Scammers
Scammers thrive in the chaos of tax season, but your organization can use proven cybersecurity strategies and employee training to protect sensitive personal information and stop tax fraud.
Teach employees to learn how and when the IRS contacts them and to be aware of the latest tax scams.
Tailor cybersecurity training to specific roles—such as for finance and payroll teams.
Require two or more people to approve tax-related payments.
Implement multi-factor authentication (MFA) to prevent unauthorized access.
Monitor for unusual activity, using tools to detect and alert you to erratic or unexpected employee behavior.
Tax season will come and go, but fraudsters are always finding ways to financially gain from sensitive employee, customer, or patient information. Unauthorized exposure of confidential information increases your risk for a data breach. Your organization must be vigilant against these attacks, implementing a robust cybersecurity program and building a culture of cybersecurity across all teams.
Want to improve your cybersecurity and eliminate breach risks? Contact us for a demo today. We’re here to help.
