With the November-December holiday season over, phishing scammers and other cyber criminals now set their sights on the tax reporting season, which begins on January 24 and mostly ends on April 18.

According to the Federal Trade Commission, fraud of all kinds cost US consumers $5.8 billion in 2021, a third more than the previous year. Of this, $350 million was lost to tax scams alone by individual law-abiding taxpayers.

‘Tis the season to be scammed

Phishing scams during tax season run the entire gamut from simple theft to delivering ransomware, spyware and even banking Trojans. These may include phone or email scams directing victims towards fake accounts, fake legal threats with phishing links that claim to resolve them, job-related phishing aimed at revealing proprietary information, and more.

The IRS’ 2022 ISAC Annual Report estimates that, between 2021 and 2022, suspicious activities increased four-fold, amounting to over 8 million last year, with fake refunds accounting for a major proportion of these.

In addition, spear phishing attacks target tax professionals, many of whom store increasing amounts of client data in the cloud. The IRS is battling this with its new IP PIN opt-in program, which provides a PIN for each taxpayer (and which, hopefully, accountants are storing safely offline), and with its latest Protect Your Clients guidebook.

Two-Sided is Too Unguarded

Within the workplace, W-2 scams are on the rise. An employer’s W-2 form contains social security data (obfuscated), income, name, address, social security deductions, and tax withholdings. This data, if stolen, can be used to request a new credit card or take out a loan in the victim’s name. Alternatively, a scammer may file a fraudulent tax return under a victim’s name and then claim the resulting false refund.

Since most taxpayers will require a copy of their W-2 from their employers in order to prepare a tax return, one recent scam involves a purported PDF, which is in fact malware. To open the PDF, the victim is instructed to input his/her social security number, which then makes its way swiftly into the hands of the scammer.

Alternatively, scammers may concentrate on the 1040, under which individuals collect and report their sources of income (pay slips) and expenses (bills). The simplest technique here involves “ghost agents” who offer to fill in tax returns for victims and promise huge refunds. A tax “preparer” is required by law to sign alongside the taxpayer. Some “preparers” refuse to sign the form so that they can later claim fake deductions or invent income, directing the refunds into the scammer’s own account.

Another phishing scam involves threats of fraud, arrest warrants, social security blacklisting and more. Here, the scammer supplies a fake case number and a fake URL where the victim inputs his/her details, ostensibly in order to freeze proceedings. Clearly, scammers’ first target of choice is either people with a false sense of security or, at the other extreme, people under duress.

Even the IRS’ Taxpayer Advocate Service (TAS) is often ‘spoofed’. Here, the scammer first informs a victim that he/she is in some kind of trouble. The notification is then followed up with a call from a fake TAS representative offering help. The vexed victim willingly surrenders all the personal information requested in order to erase a problem that probably never existed in the first place.

The K-factor

Taxpayers can nowadays prepare tax reports on a mobile phone (though not their annual return), and the IRS’ IRS2Go mobile app lets them check report status, make a payment, get filing help, and check refund status as well. This year, however, a further IRS development may create additional mayhem.

As part of the 2021 American Rescue Plan, a new form has been introduced: the 1099-K, required to report income of over $600 received through electronic payment services, since these are increasing exponentially. This new form is required of non-salaried employees and vendors, gig workers, Uber drivers, online vendors on Amazon or any other online marketplace, and vendors who receive payment using PayPal, Stripe, Square, Google/Apple Pay, Facebook, or any other of a host of such services. 1099-K forms are filed electronically, and related information is updated, through the Filing Information Returns Electronically (FIRE) system.

Cybercrime analysts expect this year’s phishing activities to focus on the 1099-K reporting chain, as with any new technology, and are warning against fake mobile apps and websites that impersonate the payment services to phish for information.

IRS to the Rescue

The IRS’ Criminal Investigations department launched over 2,550 investigations in 2022, involving about $31 billion of financial crime. The previous year, identity theft accounted for a quarter of consumer fraud that amounted to nearly $6 billion.

In 2017, the service launched its Identity Theft Tax Refund Fraud Information Sharing & Analysis Center, abbreviated to ISAC. The coalition of 73 state and private tax-related entities includes financial service companies, 48 state representations, 15 industry partners and the IRS itself, among others. Last year, ISAC recorded nearly 8 million reports of “suspicious activity”. These come primarily under the headings of: Phishing & Phone Scams, Identity Theft, Return Preparer Fraud, Inflated & False Claims, Falsified Income & Deductions, Fake Charities, Business Claims, Frivolous Tax Arguments, and Offshore Tax Avoidance & Abusive Tax Shelters.

Some words of caution to make this tax season a safe one:

  1. Links of Caution: Never enter a tax-related site or that of your accountant through a link you receive by email, text message, push notification or social network. Always take the long route: enter the IRS’ site manually and navigate to where you need to go, especially if it’s a reporting form.
    Even links in what you think is a legit mobile app may have been hijacked, or you may have downloaded a fake app. So double check what you download, and install a web extension that prevents phishing web pages from opening.

  2. IP PIN: The IRS repeatedly stresses that it will never request a taxpayer’s IP PIN from him/her or his/her tax preparer, certainly not by email, text message or push notification, and that it usually initiates contact through US Postal Service regular mail.

  3. Tax reporting: Check with your employer whether they are mailing the W-2 form, or sending it electronically, via e-mail. If mailing, be on the lookout for the return in the mail. If your mail is missing or the W-2 is not delivered, start taking precautionary steps—call your accountant or local tax office.

  4. Too good to be true – start worrying: Be wary of scam tax preparers offering huge refunds but refusing to cosign your report. You may have to answer for a refund you didn’t request.

  5. Refund returns: If you have received an erroneous refund, you may return it through the IRS’s dedicated webpage at https://www.irs.gov/taxtopics/tc161.

  6. Due Process: Moreover, the IRS cannot have a citizen arrested without due process, and it will never require immediate payment using a specific payment service. Instead, it will first contact a taxpayer repeatedly by mail.

  7. Reporting scams: If you receive a telephone call from someone posing as a tax-related employee threatening action or offering suspect services, you should take note of the number, then hang up immediately. You can report the call to either the Treasury Inspector General for Tax Administration hotline or using the IRS Impersonation Scam Reporting form. You can also email your report to phishing@irs.gov, including “IRS Phone Scam” in the subject line, or report it by phone at 800-366-4484.
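
The host check behind tip 1, as an added example that is not code from this article or from the IRS: it pulls every link out of a message and reports whether the link really resolves to irs.gov or only looks as if it does. The sample message, the `.example` hosts and the function names are constructed for illustration, and the look-alike rules are a heuristic assumption, not a complete phishing filter.

```python
import re
from urllib.parse import urlsplit

OFFICIAL_DOMAIN = "irs.gov"  # the IRS domain named in the tips above
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)


def classify_url(url: str) -> str:
    """Return 'official', 'suspicious' or 'unrelated' for one link."""
    try:
        parts = urlsplit(url)
        host = (parts.hostname or "").rstrip(".")
        userinfo = parts.username or ""
    except ValueError:  # malformed authority section
        return "suspicious"
    # Only the END of the host decides ownership: "irs.gov.x.example" is not IRS.
    on_irs = host == OFFICIAL_DOMAIN or host.endswith("." + OFFICIAL_DOMAIN)
    # Text before '@' is login info, not the host: "irs.gov@x.example".
    if on_irs and parts.scheme == "https" and not userinfo:
        return "official"
    tokens = re.split(r"[.\-]", host)
    mentions_irs = "irs" in tokens or "irs" in userinfo.lower()
    # "xn--" labels are punycode and may display as look-alike characters.
    if on_irs or userinfo or mentions_irs or "xn--" in host:
        return "suspicious"
    return "unrelated"


def scan_message(text: str) -> list:
    """Classify every http(s) link found in a message body."""
    urls = [u.rstrip(".,;:!?)") for u in URL_RE.findall(text)]
    return [(u, classify_url(u)) for u in urls]


# Constructed sample message; the .example hosts are placeholders.
SAMPLE = (
    "Your refund is on hold. Verify at "
    "https://www.irs.gov.refund-status.example/login "
    "or https://irs.gov@tax-help.example/verify today. "
    "Official information: https://www.irs.gov/taxtopics/tc161"
)

if __name__ == "__main__":
    for url, verdict in scan_message(SAMPLE):
        print(f"{verdict:10} {url}")
```

A "suspicious" verdict means the link borrows the IRS name without being on irs.gov over HTTPS; an "official" verdict only confirms the host, so typing the address manually remains the safer route.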
