News Feature: Tax Season Scam Safety

Tax season creates a predictable window for scammers. People are watching for forms, refunds, filing notices, payment updates, and account messages, which makes tax-related lures feel more believable than they might during the rest of the year.

PhishingBox was featured in WKYT's January 18, 2023 report on tax time scams. The segment focused on the start of the 2023 filing season, when the IRS was preparing to accept individual tax returns and millions of taxpayers were getting ready to submit sensitive personal and financial information online.

That timing is exactly why tax season deserves extra caution. A convincing email, text message, phone call, or fake website can pressure someone to enter a Social Security number, bank account number, tax portal login, or direct deposit details before they slow down and verify the request.

Why Tax Season Scams Work

Tax scams are effective because they combine urgency, authority, and money. A message that mentions a refund, a filing problem, a missing form, or a payment deadline can make people act quickly. Attackers use that pressure to move victims away from normal verification habits.

Common tax-season phishing themes include fake refund notices, lookalike tax preparation websites, bogus IRS or state revenue messages, payroll and W-2 requests, direct deposit change requests, and attachments that claim to contain tax documents. Some campaigns target individuals, while others target accounting, payroll, finance, and HR teams inside organizations.

The risk is not limited to one click. Tax information can be used for identity theft, fraudulent returns, account takeover, business email compromise, and follow-up social engineering. Once a scammer has enough personal information, they can make later messages sound even more convincing.

What to Check Before You Trust a Tax Message

Before responding to a tax-related message, verify the sender and the destination. Do not rely only on a logo, display name, or urgent subject line. Hover over links, inspect the domain, and go directly to the known website instead of using a link from an unexpected message.

• Slow down around refund or payment claims. Scammers often use deadlines and money to create pressure.
• Check the website address carefully. Fake tax portals and lookalike domains can be designed to capture logins or personal data.
• Do not send sensitive information through unverified email or text requests. Confirm requests through trusted channels.
• Keep security tools updated. Browser protection, endpoint security, spam filtering, and MFA work best when they are active and maintained.
• Report suspicious messages. Reporting gives security teams a chance to block similar attacks before more people see them.

For businesses, tax season is also a good time to remind employees how payroll, finance, and HR requests should be handled. A clear verification process can prevent someone from approving a fraudulent direct deposit update, sending employee tax data to an impostor, or trusting a spoofed executive request.

Watch the Tax Season Scam Safety Segment

The PhishingBox video page includes the WKYT news segment and a short set of viewer takeaways for tax-season awareness training. Use it as a seasonal reminder for employees, clients, or anyone preparing to file online.

Use Tax Season as a Training Moment

Seasonal threats work best when people are distracted by familiar tasks. Short reminders before and during filing season can help employees recognize tax-related phishing, verify requests, and report suspicious messages before they turn into incidents.

Security awareness programs should connect these reminders to real workflows. Finance teams may need examples of invoice and payment fraud. HR teams may need reminders about W-2 and payroll requests. General users may need simple rules for links, attachments, and urgent messages that claim to involve refunds or tax accounts.

For more local context, read WKYT's full report, "Be aware of tax time scams".