WWith Tax Day quickly approaching, many taxpayers may feel stressed as they work to file their tax returns promptly and accurately. During this time, cybercriminals may exploit this human vulnerability and leverage the rapid advancement and increase in artificial intelligence (AI) and deepfakes . They continue to explore ways to steal and use your information, including personally identifiable information (PII), financial information such as W-2s and banking information, login account credentials, and other sensitive information. Once information is captured or stolen, threat actors can use it to impersonate their victims, file fraudulent tax returns on their behalf, and steal their tax refunds. They can also use the information for other identity theft and fraud schemes.

Threat actors use social engineering tactics, AI-generated deepfakes, and voice cloning technologies to impersonate legitimate and trusted tax authorities, including the Internal Revenue Service (IRS) and tax preparation services, by stealing and using their branding, logos, and interfaces. They target vulnerable people through email, phone, text messaging, and social media platforms to trick them into disclosing their information and initiating fraudulent transactions. For example, threat actors may claim a tax refund is due or send information to track the status of tax refunds via phishing emails or text messages with links that, if clicked, direct targets to spoofed IRS websites. Additionally, threat actors may claim via phone that their target did not pay taxes or filed them incorrectly and now owes the IRS for back taxes. They may also threaten arrest or legal action if the fictitious debt is not paid immediately via wire transfer, gift cards, or pre-paid debit cards.

Threat actors also create highly sophisticated phishing emails with AI-generated content to convince their targets to divulge sensitive information or visit malicious links to spoofed websites of popular online tax preparation software. Additionally, they develop AI-powered fraudulent tax software appearing as legitimate software to lure targets into downloading malicious applications that steal and capture their information. Threat actors also trick their targets by falsely advertising and promoting themselves as legitimate tax preparation services. These scammers, or “ghost tax preparers,” are not certified, but they still prepare and file false and fraudulent tax returns and defraud their clients. They may be quickly established and promise fast or significant tax refunds to entice potential victims. The NJCCIC observed emails containing a link to direct targets to a tax preparer’s website. If clicked, the website displayed its services, including streamlining the tax filing process, and it provided IRS credentials to create a sense of legitimacy. However, upon further inspection and analysis, the link to this website was considered phishing and malicious.

The NJCCIC recommends users safeguard their information and accounts, file early, and use an Identity Protection PIN (IP PIN) from the IRS before filing a tax return. Additionally, exercise caution with unsolicited communications, refrain from divulging sensitive information without verifying the requestor via a separate means of communication before taking action, navigate directly to official and trusted websites, and use secure websites when sharing personal or financial information. Furthermore, research your tax preparer, look up their credentials and qualifications in the IRS directory, and ensure they have signed your tax returns and included their IRS Preparer Tax Identification Number. Additional recommendations can be found in the Beware of Tax Scams NJCCIC post. If victimized, report the incident to your financial institution, local police department, IRS, the Federal Trade Commission (FTC), credit reporting bureaus, FBI’s IC3, and the NJCCIC.