(Credit: René Ramos; Getty Images/valentinrussanov, mihailomilovanovic)
Every year, tax season makes all of us prime targets for social engineering scams. And now, thanks to AI, it's easy to build new scams designed to get you to hand over your financial data, or even your tax refund. Deepfakes that mimic a real person with alarming accuracy are on the rise. Phishing websites that look exactly like official tax prep services or even the IRS itself are easy to vibe code. Think you can't be fooled? Most adults surveyed in a study from Variety and HarrisX were tricked by videos generated using OpenAI's Sora. The IRS has tips to recognize scams, and we're here to help with more.
AI-Powered Tax Scams to Look Out For
To find out what we're all up against, I spoke with Lisa Plaggemier, the executive director of the National Cybersecurity Alliance. She warned that scammers use generative AI to impersonate you, your tax preparer, or IRS agents to obtain your data, hard-earned money, or both.
Impersonation
(Credit: Getty Images/Tero Vesalainen)Plaggemier relayed an anecdote about a marketing VP who realized he'd been speaking to a scammer instead of his boss on a Zoom videoconference. She said the executive only figured out he was being duped when he texted his boss and received a reply—though the "boss" on the Zoom video did not pick up his phone to type.
AI tools are improving quickly, affecting our ability to recognize reality. Not long ago, "you would see an AI-generated image or a video, and the person would look a little empty behind the eyes," Plaggemier noted. "That's not the case anymore."
Spearphishing
Each year, the IRS updates its list of the most popular or devastating tax scams. Common tax scams include emails claiming to be from the IRS that contain spearphishing links or malware-laden attachments and phone calls or texts from fake IRS agents requesting personal information, tax ID numbers, or banking information.
How to Avoid Tax Scams
(Credit: Getty Images/South_agency)The outlook seems bleak, but you can fight back against scammers. Adopt new habits and shake off some old myths about the IRS to keep your data safe.
1. File Your Taxes Early
Plaggemier told me you should file your return early—before the scammers do it for you. Some victims don’t know they’ve been scammed until they find out someone else has filed a return using their name and Social Security number.
2. Learn How the IRS Communicates
Next, understand that the IRS will never contact you by email, phone, or videoconferencing call. Physical mail is the IRS's preferred form of communication. That means any email you receive from someone purporting to be the IRS is fake. Don't respond to it—simply forward the message to the IRS's email address, block the sender, and delete the message. If you still have questions or concerns, check out this explainer on how to find out if a message is really from the IRS.
3. Ignore Suspicious Payment Requests
Also, remember that an IRS agent will not call you to demand immediate payment. In a similar vein, the IRS also only accepts legal US tender. The agency will not ask you to pay using another country's currency, crypto, or a gift card.
4. Enable Your IRS PIN
You should use multi-factor authentication for every online account, and you can add a layer of protection to your online IRS account by enabling the IRS’s IP PIN system. IP PIN requires users to enter a code known only to them and the IRS whenever they log into their accounts.
5. Check for Bad Links
Plaggemier also recommended that taxpayers look carefully at links to tax websites and apps in search results. Type the address for well-known tax websites directly into your browser’s URL address bar rather than click on links in your email or that you find online since scammy tax-related websites may appear in search results.
6. Secure Your Connection
It’s also a good idea to adhere to some online safety basics: Avoid filing your taxes over an unsecured Wi-Fi connection (or at least use a VPN) and refrain from sending financial documents via email.
7. Create Unique Tax Credentials
You may also want to create a new email address and password for your IRS account. A unique login will limit the damage caused if your other, more commonly used credentials appear in a data breach.
Where to Report Tax Scams
Thanks to money, technology, and time, scammers are getting better at their jobs. Getting scammed can happen to anyone, at any age, in any tax bracket. Even financial experts can get scammed by a sneaky social engineer. Last year, a personal finance columnist made headlines after revealing that she’d lost $50,000 in an Amazon call scam.
If you suspect you’re a victim of some kind of tax-related identity theft, report the crime to the IRS immediately. Remember, though, that resolution of the problem may not be swift. According to the internal monitoring group Taxpayer Advocate Service, the IRS took an average of 19 months to resolve identity theft cases in 2023.
In the meantime, check out the FTC’s online identity theft recovery center, identitytheft.gov, to add a report about the scam and undo some of the damage caused by the scammer. You should also contact the Internet Crime Complaint Center and the Identity Theft Resource Center to report the crimes and get advice on recovering from identity theft.
Finally, check out our list of top-rated tax software for more tips on how to file your taxes safely and get the best refund possible.