Top Tax Scams to Watch Out for in 2025

Tax scams may happen year-round, but as the April deadline looms, cybercriminals kick into high gear. They know what people are juggling—W-2s, 1099s, deductions, and deadlines—and they’re counting on stress and urgency to cloud judgment. And threat actors are exploiting that stress to target your employees, customers, and executives. They're using phishing emails, identity theft schemes, and impersonation scams that look more legitimate than ever.

In 2025, those scams are getting a serious upgrade. With AI-powered lures, deepfake voicemails, and spoofed IRS messages, threat actors are crafting tailored attacks designed to slip past defenses and trick even the most cautious user.

For organizations, the risk is twofold: your people are being targeted, and your brand could be impersonated to carry out the next attack. In this post, we’ll break down today’s top tax scams, what they look like in the real world, and how to help protect your workforce and customers before tax season fraud hits its peak.

Defining Today’s Tax Scam Landscape

Tax scams aren’t limited to the inbox or to individual taxpayers. Today’s threat actors use a wide range of channels, from email and text to phone calls, mail, and even deepfake voicemails, to carry out highly convincing attacks. What sets these scams apart is the level of social engineering involved. Cybercriminals are crafting messages that feel urgent, personal, and timely, all to pressure victims into handing over sensitive data.

According to the Federal Trade Commission’s 2024 Consumer Sentinel Network data, over 6.5 million consumer reports were received last year alone, with roughly 2.6 million being fraud related. And with total fraud losses coming in at a striking $12.5 billion, the losses are only growing year over year. Unfortunately, this kind of fraud often overlaps with tax season scam. Here, attackers impersonate trusted entities, exploit financial workflows, and trick users into sharing personally identifiable information (PII) or login credentials.

And these threat actors aren’t just going after individuals. Businesses, payroll departments, HR teams, and tax professionals are increasingly in the crosshairs. Whether impersonating the IRS (impersonation scams alone cost nearly $3 billion last year!), spoofing executives, or posing as third-party tax prep services, their goal is simple: gain access to financial or identity data that can be exploited or sold on the dark web.

Understanding the scope of the threat is the first step in protecting your people—and your brand—from becoming the next target.

Top 5 IRS Scams to Watch for in 2025

Threat actors aren’t just recycling old IRS scams—they’re evolving their tactics to bypass verification systems, exploit frustrated taxpayers, and steal sensitive data at scale. Here are the top tax-season scams organizations should be aware of this year:

1. Impersonation of Tax Authorities and Financial Platforms

Cybercriminals continue to impersonate the IRS, third-party tax platforms (like TurboTax and H&R Block), and other financial institutions to steal credentials or trick victims into sharing sensitive information. These spoofed communications are often designed to look urgent and legitimate. They pressure recipients into quick action, especially when they involve claims of missing refunds or unpaid tax debt.

2. AI-Powered Phishing and Deepfake Voicemails

Threat actors are using AI to craft hyper-personalized phishing emails and voice scams. Deepfake voicemails claiming to be from IRS agents or financial institutions add a new layer of authenticity. Especially when they are supplemented by real personal details pulled from previous data breaches. 

3. Dark Web Tax Fraud Services

ZeroFox recently observed a surge in dark web advertisements offering full-service tax fraud kits. Threat actors are selling packages that include stolen SSNs, ID scans, prior year AGI, and even populated IRS forms (1040s and W2s). These services are designed to submit fraudulent returns on behalf of victims, often using third-party filing services to sidestep identity verification protocols like id.me.

4. Fake Debt Collection Schemes

Using stolen PII, cybercriminals pose as IRS agents or third-party debt collectors, demanding payment for fake tax debts. These scams often involve aggressive tactics, including threats of legal action, asset seizure, or wage garnishment. Aggressive tactics like these are designed to speed up the victim’s decision making process. These tactics can prevent them from exploring their suspicions or gut instincts that it might be a scam. When employees or customers believe these threats are real, or feel they must act quickly to avoid penalties, they may wire money or hand over more personal information.

5. Delayed Refund Scams and "Verification" Lures

Threat actors exploit delays in IRS processing to send fake notifications asking victims to “verify” their information to release an unclaimed refund. These scams often use realistic branding and spoofed domains to collect additional PII or banking credentials—and in some cases, deliver malware via malicious links.

For a more in depth review of financial scams threatening US tax returns, including specific threat actors and their actions, check out the latest flash report from ZeroFox Intelligence.

How to Protect Against Modern Tax Scams 

The best defense against tax scams? Recognizing them before they do damage. A good rule of thumb: the IRS will never initiate contact by email, text, or social media to request personal or financial information. But that doesn’t stop skilled phishers from posing as the IRS and pressuring victims to act fast with alarming messages and spoofed branding.

Beyond foundational security hygiene—like phishing awareness and endpoint protection—there are a few tax-specific safeguards every organization and employee should know:

8 Tips to Help Your Organization Stay Scam-Savvy This Tax Season

1. Register for an IP PIN
   Encourage employees and executives to request an Identity Protection PIN (IP PIN) annually from the IRS. IP PINs helps prevent fraudulent returns from being filed in their name.
   
2. Follow IRS Scam Warnings
   Stay current with the IRS’s annual "Dirty Dozen" list of top tax scams and circulate updates to relevant internal teams.
   
3. Watch for Breach Fallout
   If your organization is involved in a data breach, you should assume threat actors may use stolen PII for tax fraud. Affected individuals should consider placing a fraud alert with credit bureaus. See our Data Breach Protection Guide for more defense strategies.
   
4. Report Suspicious Activity
   Ensure employees know where to report tax-related scams or identity theft, for example directly with the IRS. Need help validating threats? ZeroFox’s managed cyber threat intelligence services can enhance internal security efforts.
   
5. Scrutinize Unusual Messages
   Train staff to be cautious of unsolicited IRS messages—especially those with grammar mistakes, urgent demands, or unusual channels like text or social media. When in doubt, verify independently.
   
6. Vet Third-Party Services
   If you’re using external tax preparers, confirm documentation is signed and handled through secure, trusted channels. Third party intelligence can provide you with alerts and insights into digital threat actors and emerging cyber threats targeting these organizations.
   
7. Lock Down Credentials
   Use strong, unique passwords for financial accounts and require multi-factor authentication (MFA) across platforms, especially for payroll and HR systems. It’s also always a good idea to deploy compromised credential monitoring for your organization.
   
8. Monitor for Executive Impersonation
   Tax season is a prime time for attackers to impersonate leadership. Stay alert for suspicious messages requesting W-2s, wire transfers, or employee data. Now is a good time to invest in a strong executive protection solution.

Stay Ahead of Tax Season Threats

Tax season might be predictable, but the scams it attracts are anything but. As cybercriminals continue to evolve their tactics with AI, impersonation, and dark web services, organizations need visibility beyond the firewall and the tools to act fast. ZeroFox delivers real-time threat intelligence, executive and brand protection, and the takedown power to disrupt tax scams before they can impact your people, customers, or bottom line.

Want to see how ZeroFox can help protect your organization from external threats this tax season and beyond? Request a demo today.