Spot the Signs of Tax-Time Phishing Scams

Tax season is officially upon us. Tuesday, April 18 is the deadline for most Americans to file their 2023 federal tax returns—and for many, the process of preparing and assembling the necessary documents is already underway. This is also an especially busy season at Ostra, as our Trusted Cybersecurity Team always sees elevated levels of phishing activity around tax time.

Both individuals and businesses should remain extra vigilant and take steps to avoid getting “hooked” by phishing scams during tax season.

Phishing and IRS Impersonators

As the digital age progresses, so do the tactics of cybercriminals. One of the most common types of cybercrime is phishing, in which scammers pose as legitimate entities to trick people into divulging sensitive information.

The Internal Revenue Service (IRS) is a popular target for phishing scams due to its role in collecting taxes from individuals and businesses. To protect yourself from tax-related phishing scams, it is essential to be aware of the tactics used by scammers during our tax season, and learn how to report them to the IRS.

Phishing emails often use fear tactics to get people to act quickly without thinking. One very important point to understand about the IRS is this:

“A real IRS agent WILL NEVER demand you make an immediate payment to a source other than the U.S. Treasury. Unscrupulous callers claiming to be federal employees can be very convincing by using fake names or phony ID numbers. If you are unsure if the caller is legitimate, hang up, look up the direct number for the agency online, and call that source to verify.”

(Source: National Cybersecurity Alliance)

For example, an email may claim that the recipient is owed a tax refund but needs to provide their personal information to claim it. Another common strategy is to claim that the recipient owes back taxes and is in danger of legal consequences if they do not pay immediately. These emails may also contain attachments or links that, when clicked, download malware onto the user’s computer.

Stay Ahead of the Game

To protect yourself from phony IRS phishing, it is important to recognize these tactics and take the following precautions:

  1. Be on the lookout of unsolicited emails. The IRS does not initiate contact with taxpayers via email, text message, or social media. If you happen to get an email claiming to be from the IRS, don’t click on any of the links or open any attachments. Instead, forward the email to the IRS (
  2. Be sure to check the sender’s email address. Phishing emails often use email addresses that appear to be legitimate but are slightly different from the actual address. For example, an email may come from “” instead of the official “” Always check the sender’s email address before clicking or replying to any emails.
  3. Do not provide personal information. The IRS will never ask for personal or financial information via email, text, or social media. If you receive a message asking for this type of information, it is most likely phishing.
  4. Use strong passwords. You’ve heard this one before, but it’s an important one. Always create strong, unique passwords for all your accounts and change them regularly. You can use a combination of letters, numbers, and symbols, and avoid using the same password for multiple accounts.
  5. Enable two-factor authentication. Two-factor authentication adds an extra layer of security to your accounts by requiring a second form of authentication, such as a code sent to your phone and your password.

Phishing scams by criminals posing as the IRS can be dangerous and costly. By recognizing the tactics used by scammers and taking necessary precautions, you can protect yourself from becoming a victim. Be wary of unsolicited emails, double-check sender email addresses, do not provide personal information, use strong passwords, and enable two-factor authentication. Stay vigilant and take steps to keep your personal and financial information safe.

Protect Your Business

Is your business fully protecting the financial information, health records, or other sensitive data from customers, clients or third-party entities? Working with a dedicated cybersecurity partner like Ostra offers peace of mind. Our proprietary solutions are built on multiple layers of protection to keep your data, as well as your reputation, safe and sound.

Reach out to Your Trusted Cybersecurity Team today with any concerns or questions on tax-related scams.  From phishing to malware, ransomware and other cyber threats, Ostra has you covered.