In the United States, tax returns for the previous year need to be filed before Tax Day, which falls on Tuesday, April 15, 2025. Tax season officially started on January 27, 2025, when the Internal Revenue Service (IRS) started accepting tax returns for 2024. Tax season is a popular time for cybercriminals who take advantage of individuals and businesses that are under pressure to file their annual tax returns and try to steal personal information to file fraudulent tax returns in victims’ names and for other nefarious purposes.
Cybercriminals use tried and tested methods for their scams, but over the past few years, the scams have become more sophisticated. There has been a significant increase in the use of AI tools to craft highly convincing phishing emails. Phishing is one of the most common ways that cybercriminals trick people into disclosing sensitive information during tax season. One of the most common phishing techniques in tax season involves impersonation of the IRS. Emails are sent that appear to have come from an official IRS domain, the contact information in the email may be 100% correct, and the emails contain the IRS logo. The lures used in these scams include fake offers of tax refunds with rapid payment, legal threats, and criminal charges for tax fraud. These scams tempt or scare people into visiting a website linked in the email or calling a telephone number provided in the email.
The website to which the user is directed mimics the official IRS site and social engineering techniques are used to get the user to disclose sensitive information. That information is rapidly used to file a fraudulent tax return, with the victim only discovering they have been scammed when they file their tax return and are notified by the IRS that it is a duplicate. Alternatively, they are told that they must pay outstanding tax immediately and are threatened with fines and criminal charges if they fail to do so. Scams promising a tax return require personal information and bank account details to be disclosed.
Businesses are targeted in a variety of tax season scams, with one of the most common being fake tax services. Filing tax returns can be a time-consuming and arduous process, so tax filing services that do all of the work are an attractive choice. Businesses may be contacted via email, telephone, or could be directed to these scam services via the Internet. Businesses are tricked into providing personal and financial information, which could be used to file a fraudulent tax return. Commonly, the aim is to trick the business into downloading malware onto their device. These services may lure victims by promising quick tax refunds, which can be attractive for cash-strapped businesses.
According to the IRS, last year taxpayers lost $5.5 billion to tax scams and fraud so vigilance is key during tax season. Be aware that cybercriminals are incredibly active during tax season, and any offer that seems too good to be true most likely is. The IRS will not initiate contact via email or text message, as initial contact is typically made via the U.S. Postal Service, and emails and text messages are only sent if the IRS has been given permission to do so. The IRS will not make contact via social media, does not accept gift cards as payment, does not use robocalls, and does not threaten to call law enforcement or immigration officials.
Businesses should ensure they have anti-spam software to catch and neutralize phishing threats; however, not all spam filtering services are equal. Spam filters will perform a range of checks on inbound email, including reputation checks of the sender’s domain and email address, anti-spoofing checks, checks of blacklists of malicious IP addresses, and the email content will be assessed for malicious links, common signatures of phishing, and email attachments will be checked using anti-virus software. While these methods will identify the vast majority of spam emails and many phishing attempts, these checks are no longer sufficient.
The best spam filter for business is an advanced solution that has AI and machine learning capabilities for detecting advanced phishing scams and AI-generated threats. To catch and block AI-generated threats you need AI in your defenses. SpamTitan is an advanced cloud-based anti-spam service from TitanHQ (an anti-spam gateway is also available) that performs all of the standard checks mentioned above, scans emails with twin anti-virus engines, and uses machine-learning-based detection to identify the threats that many other spam filtering software solutions miss. If initial checks are passed, emails are sent to an email sandbox for deep analysis. With email sandboxing, attachments are assessed in a safe environment and their behavior is analyzed in depth, allowing novel malware to be identified and links are followed and assessed for malicious content.
SpamTitan consistently outperforms other leading email security solutions and, in the latest round of independent tests at VirusBulletin, SpamTitan was ranked in first place due to unbeatable detection rates, having blocked 100% of malware, 100% of phishing emails, and 99.999% of spam emails, with a 0.000% false positive rate. This tax season, ensure you have the best email protection for your business by using SpamTitan. Call TitanHQ for more information, to arrange a product demonstration, or sign up for a free trial to see for yourself how effective SpamTitan is at blocking email threats.