SecureWorld News

AI-Driven Tax Scams Are Surging: What You Need to Know This Season

Written by Drew Todd | Tue | Apr 1, 2025 | 11:39 PM Z

Tax season is stressful enough; between paperwork, unexpected balances, and looming deadlines, most of us already have plenty on our plates. Cybercriminals know this, and they're using AI-driven tools to exploit that stress. With Tax Day fast approaching—April 15th in the United States—the threat landscape is evolving fast, and so are the tactics scammers use to steal your identity, your refund, or worse.

According to the IRS Criminal Investigation (CI) FY23 Annual Report, agents uncovered more than $37.1 billion in financial crimes, with nearly 14% of investigations sparked by Bank Secrecy Act data. Identity theft and fraudulent refund schemes were major players. But as CI Chief Jim Lee points out, "tax and other financial crimes know no borders," and today's criminals are more sophisticated than ever—especially with AI in their toolkit.

The AI-powered scam playbook

From generative AI (GenAI) phishing emails to deepfake impersonations of IRS agents, attackers are raising the bar—and the risks. Menlo Security's 2025 Browser Security Report tracked a 140% increase in browser-based phishing attacks, along with a 130% rise in zero-hour phishing attacks, many impersonating GenAI platforms or promising help with tax prep.

"Cybercriminals are fully aware of the stress and anxiety that surrounds tax season, and every year they take full advantage," said Devin Ertel, CISO at Menlo Security. "With the advent of AI, individuals must be aware that cybercriminals could impersonate GenAI platforms to manipulate users into entering sensitive data."

These GenAI scams often promise to generate resumes, tax documents, or personalized advice—while quietly harvesting personal information and delivering malware through infected PDFs.

Patrick Tiquet, VP at Keeper Security, warns: "Cybercriminals can now create realistic video and audio impersonations of IRS agents, tax professionals, or even family members… tricking individuals into divulging Social Security numbers or tax credentials."

Mobile-first and deepfake tactics

The threat isn't just in your inbox. Kern Smith, VP at Zimperium, notes the rise of mobile-first tax scams, including "mishing" (SMS phishing), quishing (QR code phishing), and malicious apps pretending to be the IRS or major tax software platforms. Some phishing sites even behave differently depending on whether you visit from a desktop or mobile device—an advanced evasion tactic.

Meanwhile, Casey Ellis, founder of Bugcrowd, highlights how deepfake audio and video are used to enhance impersonation scams: "A deepfake video of a 'tax advisor' could be used to lure victims into sharing sensitive information, or AI-generated emails could mimic the tone and style of legitimate IRS communications with uncanny accuracy."

Why traditional security is failing

Many traditional defenses—like firewalls, email filters, and antivirus software—struggle to detect these new scams. Attackers now host malicious files on cloud collaboration services, spoof legitimate brands, and revive expired domains to bypass reputation filters.

"We're seeing attackers register accounts on trusted platforms and use those services to deliver phishing attempts," said J Stephen Kowski, Field CTO at SlashNext. "Phishing via text and voice is also on the rise, especially as AI makes impersonations harder to detect."

Chad Cragle, CISO at Deepwatch, adds:

"Many counterfeit sites use SEO poisoning, typosquatting, and AI-generated content to lure victims. These tactics manipulate Google search rankings to appear legitimate—especially when people are searching for terms like 'Trump tax refund' or 'IRS help.'"

What you can do to stay safe

  • Don't trust unsolicited messages – The IRS doesn't initiate contact by email, text, or social media.
  • Double-check URLs – Look closely at website addresses for subtle misspellings or odd characters.
  • Use strong, unique passwords – Avoid reusing credentials across accounts; use a password manager.
  • Enable multi-factor authentication (MFA) – A simple but effective defense against credential stuffing.
  • Stay off public Wi-Fi for tax filing – And never access sensitive accounts on untrusted devices.
  • Report fraud – If you suspect identity theft, file IRS Form 14039 and contact IdentityTheft.gov immediately.

"Urgency is a major red flag," said Thomas Richards, Red Team Director at Black Duck. "Always slow down and verify the request through official channels—never through the contact info provided in a suspicious message."

GenAI has changed the game. Scammers are faster, more believable, and harder to catch. But that doesn't mean we're powerless. By understanding these evolving threats—and investing in stronger browser security, responsible GenAI use, and user education—we can stay one step ahead.

"GenAI is here to stay," said Satyam Sinha, CEO at Acuvity. "What's needed is secure and responsible adoption to foster productivity and innovation. A ground-up security mindset is critical."

As IRS Commissioner Danny Werfel noted: "The work of Criminal Investigation employees… continues to make a difference in helping uphold tax laws and protect taxpayers."

But cybersecurity is a shared responsibility. And in the age of AI, staying safe this tax season means staying alert.
