Introduction
Tax season. Those two words alone can send shivers down the spine of even the most organized business owner. As April 15th looms on the horizon, we’re all scrambling to gather documents, crunch numbers, and meet deadlines. But while you’re focused on getting your financial house in order, cybercriminals are seeing dollar signs—and not in a good way.
I’ve been in IT support services for years, and let me tell you: tax season is like the Super Bowl for hackers. They’re suited up, they’ve practiced their plays, and they’re ready to intercept your sensitive data before you even realize what’s happened.
Why Tax Season Is Prime Time for Cybercriminals
1. The Perfect Storm of Sensitive Data Exchange
During tax season, there’s an unprecedented flow of sensitive information—Social Security numbers, financial statements, bank account details—being shared across multiple channels. This creates what we in business IT support call a “target-rich environment.”
“Tax time is when the most sensitive personal and financial information is in transit, creating multiple opportunities for interception,” warns the National Cybersecurity Alliance.
2. Deadline Pressure Leads to Security Shortcuts
We’ve all been there: it’s getting close to the filing deadline, and suddenly attention to detail takes a backseat to just getting it done. When you’re rushing, you might not look twice at that email from your “accountant” or question an urgent request for information.
The pressure cooker of tax season can make even the most security-conscious people let their guard down. And cybercriminals? They’re counting on it.
3. Email Overload Creates Confusion
Your inbox during tax season probably looks like mine—a tsunami of messages from accounting, payroll, tax preparers, and financial institutions. This flood of legitimate tax-related communications makes it easier for phishing emails to blend in.
Think about it: if you’re expecting an email from your accountant with “URGENT: Tax Documents Required” in the subject line, you’re much more likely to click on a malicious email with the same subject.
4. Everyone’s a Target
Small businesses often think they’re flying under the radar of cybercriminals. “We’re too small to be targeted,” I hear clients tell me all the time. But according to Microsoft’s security research, tax-related cyberattacks target businesses of all sizes—and sometimes smaller organizations make easier targets because their IT support services might be less robust .
The Most Common Tax-Related Scams in 2025
Phishing and Smishing: The Digital Bait and Switch
The IRS has seen a dramatic increase in phishing emails and smishing (SMS phishing) attempts that impersonate tax authorities . These messages often contain urgent language about “problems with your return” or “immediate action required” to create a sense of panic.
I got one of these texts myself last week—a message claiming to be from the IRS about a “refund discrepancy.” The link led to a convincing replica of the IRS website designed to steal login credentials.
AI-Powered Impersonation: The New Frontier
2025 has brought a troubling new development: AI-generated deepfakes and voice cloning used to impersonate tax professionals or even your company’s executives .
These sophisticated scams might include fake legal documents that look legitimate or voice messages that sound exactly like your accountant asking for sensitive information.
“New Client” Scams Targeting Tax Professionals
If your business works with external tax preparers, be aware that criminals are targeting them too. The IRS warns about elaborate “new client” scams where cybercriminals pose as potential customers to gain access to tax professionals’ systems .
Once inside, they can access client data, file fraudulent returns, or deploy ransomware—putting your business information at risk indirectly.
Social Security Suspension Threats
A particularly nasty scam involves threatening calls claiming your business’s Employer Identification Number (EIN) or an employee’s Social Security number has been “suspended” due to tax fraud . The caller demands immediate payment or verification of sensitive information to “reactivate” the number.
When Is the 2025 Tax Filing Deadline?
While staying secure is critical, meeting filing deadlines remains essential. For most businesses, the federal tax filing deadline is April 15, 2025. However, if your business operates in states affected by Hurricane Helene, you may qualify for an extended deadline of May 1, 2025.
Remember: filing early not only reduces deadline stress but is also a security strategy—it prevents fraudsters from filing returns in your name.
How Small Businesses Can Protect Themselves from Tax-Related Cybercrime
File Your Taxes Early
I cannot stress this enough: the earlier you file, the less opportunity criminals have to file fraudulent returns using your business information. Early filing is one of the most effective preventive measures you can take.
Secure Your Return with an IRS Identity Protection PIN
The IRS offers a valuable tool called an Identity Protection PIN (IP PIN)—a six-digit number that helps prevent misuse of your business’s tax identification numbers. According to the IRS, “The IP PIN serves as the key to an individual’s tax account” .
Enable Multifactor Authentication on All Tax-Related Accounts
This simple security measure can prevent 99% of account compromise attacks. Any reputable IT support company will tell you that MFA is non-negotiable for tax preparation software, accounting platforms, and financial accounts.
“Multifactor authentication is one of the most effective ways to prevent unauthorized access, even if passwords are compromised,” notes the IRS in their security guidance for tax professionals [10].
Use Strong, Unique Passwords for Each Account
I know, I know—you’ve heard this one before. But during tax season, it’s worth repeating: using the same password across multiple platforms is like using the same key for your house, car, and office. If one gets stolen, everything is vulnerable.
Stay Protected with Current Security Solutions
Ensure your business IT support includes up-to-date antivirus, anti-malware, and firewall protection on all devices used for tax preparation. According to Thomson Reuters, “Tax professionals should deploy the ‘Security Six’ measures, including anti-virus software and firewalls” .
Verify Before You Trust
The IRS will never initiate contact with taxpayers via email, text message, or social media to request personal or financial information . If you receive unsolicited communications claiming to be from the IRS, do not respond, click links, or open attachments.
Instead, contact the IRS directly using the contact information on their official website (www.irs.gov).
What New Measures Is the IRS Implementing for the 2025 Tax Season?
The IRS continues to evolve its security measures to combat evolving threats. For the 2025 tax season, key initiatives include:
New Form for Fuel Tax Credit Claims
To prevent misuse and fraudulent claims, the IRS has introduced a new form for businesses claiming the Fuel Tax Credit . This additional documentation helps verify legitimate claims while deterring scammers.
Enhanced Review of “Other Withholding” Claims
The IRS has increased scrutiny of unusual “other withholding” claims on Form 1040, as this has become a common area for fraud attempts.
Expanded Outreach on Emerging Scams
The IRS has significantly expanded its education efforts about new and emerging scams . Their “Dirty Dozen” list for 2025 provides detailed information about the most prevalent tax scams .
Who Are the Most Vulnerable Targets for Tax-Related Cybercrime?
While all businesses should remain vigilant, certain groups face higher risks:
Small Business Owners
Small businesses often lack dedicated IT support services and may have fewer security protocols in place, making them attractive targets. According to IDX, “Small businesses are disproportionately targeted because cybercriminals perceive them as having valuable data but fewer security resources” .
Businesses with Green Card Holders
Companies employing individuals with Green Cards should be especially cautious, as these employees are frequently targeted in immigration-related tax scams.
New Business Filers
Businesses filing taxes for the first time may be less familiar with legitimate IRS procedures, making them more vulnerable to impersonation scams.
Businesses with Older Decision-Makers
Cybercriminals often target businesses where key financial decision-makers are over 60, perceiving them as potentially less tech-savvy.
What Should Tax Professionals Do to Protect Themselves and Their Clients?
If your business works with external tax professionals, ensure they’re taking these precautions:
Deploy the “Security Six” Measures
The IRS recommends six essential security measures for tax professionals: anti-virus software, firewalls, two-factor authentication, backup software, drive encryption, and a written security plan .
Create and Maintain a Data Security Plan
Federal law requires tax professionals to create and maintain a written data security plan. Ask your tax preparer about their compliance with this requirement.
Develop an Incident Response Plan
Your tax professional should have procedures in place for responding to potential data breaches that could affect your business information.
“Tax professionals should have an incident response plan so they can react quickly in the event of a data theft or other security incident,” advises the University System of New Hampshire .
Understanding the IRS “Dirty Dozen” List
Each year, the IRS publishes its “Dirty Dozen” list of common scams. For 2025, this list includes several schemes targeting businesses :
- Employee Retention Credit scams
- Fake charitable organizations
- Unscrupulous tax return preparers (“ghost preparers”)
- Offers in Compromise mills
- Fake tax payment opportunities
- Spear phishing attacks targeting businesses
Protecting Your Business with Professional IT Support Services
For comprehensive protection during tax season and beyond, many businesses turn to professional IT support services. A qualified IT support company can:
- Implement robust email filtering to catch phishing attempts
- Set up secure file sharing for tax documents
- Train employees on security best practices
- Provide 24/7 monitoring for suspicious activity
- Ensure all systems are updated with the latest security patches
Conclusion: Stay Vigilant This Tax Season
Tax season doesn’t have to be open season for cybercriminals. By understanding the tactics they use and implementing strong security measures, your business can focus on filing accurately and on time—without the added stress of a security breach.
Remember: cybersecurity isn’t just an IT issue; it’s a business survival issue. As Thomson Reuters notes, “Tax season is when your practice is most vulnerable to a data breach that could destroy your reputation and your business” .
Take action today to protect your business’s financial and tax information. Start with a FREE Network Assessment to uncover potential vulnerabilities and ensure your systems are ready to handle whatever this tax season brings.
Click here to schedule your FREE Network Assessment now!
Frequently Asked Questions: Cybercriminal Tactics During Tax Season
What are the most common tax-related scams?
- Phishing emails and smishing (SMS phishing) impersonating the IRS or tax professionals
- AI-powered impersonation scams using fake legal documents
- “New client” scams targeting tax professionals
- Fake IRS phone calls and text messages
- Social Security suspension threats
When is the 2025 tax filing deadline?
The tax filing deadline for most states is April 15, 2025. However, some states affected by Hurricane Helene have an extended deadline of May 1, 2025.
How can I protect myself from tax-related cybercrime?
- File your taxes early
- Secure your return with an IRS Identity Protection PIN (IP PIN)
- Enable multifactor authentication on all tax-related accounts
- Use strong, unique passwords for each account
- Stay protected with antivirus software
- Ignore unsolicited IRS communications via phone, text, or email
What new measures is the IRS implementing for the 2025 tax season?
- A new form for the Fuel Tax Credit to prevent misuse
- Increased review of “other withholding” claims on Form 1040
- Outreach to taxpayers potentially using “ghost preparers”
- Expanded outreach and education on emerging scams
Who are the most vulnerable targets for tax-related cybercrime?
While everyone is potentially at risk, some groups that may be more frequently targeted include:
- Green Card holders
- Small business owners
- New taxpayers under 25
- Older taxpayers over 60
What should tax professionals do to protect themselves and their clients?
- Deploy the “Security Six” measures, including anti-virus software and firewalls
- Create and maintain a data security plan as required by federal law
- Educate themselves on phishing scams and ransomware
- Develop an incident response plan for potential data breaches
What is the Dirty Dozen list?
The Dirty Dozen is an annual list published by the IRS that highlights 12 common tax scams and schemes to help educate and protect taxpayers and tax professionals.
These FAQs were addressed throughout the blog post I created, with detailed information provided for each question.