---
title: "Phishing Attacks In The Tax Season And What To Do About It | Phish Protection"
description: "Phishing Attacks In The Tax Season And What To Do About It: Tax season is often punctuated with a mad rush for closures and submissions. Both individuals and."
image: "https://phishprotection.com/og/blog/phishing-attacks-in-the-tax-season-and-to-do-about-it.png"
canonical: "https://phishprotection.com/blog/phishing-attacks-in-the-tax-season-and-to-do-about-it/"
---

Quick Answer

Tax \[season\](https://blog.checkpoint.com/2020/05/22/tax-season-phishing/#:\~:text=This%20is%20an%20IRS%20tax,as%20legitimate%20forms%20and%20documents) is often punctuated with a mad rush for closures and submissions. Both individuals and organizations fight against time to fill in their tax receipts and submit them. \_Tax season is also the time when phishing agents look forward to a whole lot of good catches\_. \*\*Phishing baits\*\* are sent out as emails to many recipients, many of whom fall for it, leading to a catastrophe. Malicious actors use the information to defraud the victim or even \*\*steal their

Share 

[ ](https://www.linkedin.com/sharing/share-offsite/?url=https%3A%2F%2Fphishprotection.com%2Fblog%2Fphishing-attacks-in-the-tax-season-and-to-do-about-it%2F "Share on LinkedIn") [ ](https://twitter.com/intent/tweet?text=Phishing%20Attacks%20In%20The%20Tax%20Season%20And%20What%20To%20Do%20About%20It&url=https%3A%2F%2Fphishprotection.com%2Fblog%2Fphishing-attacks-in-the-tax-season-and-to-do-about-it%2F "Share on X/Twitter") [ ](https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fphishprotection.com%2Fblog%2Fphishing-attacks-in-the-tax-season-and-to-do-about-it%2F "Share on Facebook") [ ](https://reddit.com/submit?url=https%3A%2F%2Fphishprotection.com%2Fblog%2Fphishing-attacks-in-the-tax-season-and-to-do-about-it%2F&title=Phishing%20Attacks%20In%20The%20Tax%20Season%20And%20What%20To%20Do%20About%20It "Share on Reddit") [ ](mailto:?subject=Phishing%20Attacks%20In%20The%20Tax%20Season%20And%20What%20To%20Do%20About%20It&body=Check out this article: https%3A%2F%2Fphishprotection.com%2Fblog%2Fphishing-attacks-in-the-tax-season-and-to-do-about-it%2F "Share via Email") 

![Phish Protection blog post image](https://media.mailhop.org/phishprotection/images/2021/03/phishing-prevention-best-practices-3478-1.jpg) 

Tax [season](https://blog.checkpoint.com/2020/05/22/tax-season-phishing/#:~:text=This%20is%20an%20IRS%20tax,as%20legitimate%20forms%20and%20documents) is often punctuated with a mad rush for closures and submissions. Both individuals and organizations fight against time to fill in their tax receipts and submit them. _Tax season is also the time when phishing agents look forward to a whole lot of good catches_. **Phishing baits** are sent out as emails to many recipients, many of whom fall for it, leading to a catastrophe. Malicious actors use the information to defraud the victim or even **steal their identity**. Malicious actors are successful at creating enough panic in the ranks of IT Security by using impersonations. _Phishing has been an age-old exercise, and with advanced technology, it has only got more sophisticated, becoming a more formidable threat_.

### Alarming Statistics

The below graph shows the scams and **phishing attacks** in the first two quarters of the year 2020\. _The period between January and April showed the highest consistent percentage of attacks_. It is partly due to the tax season when most individuals and organizations file their tax returns, which is the season that greatly interests malicious actors.

_Source:_[_Securelist.com_](https://securelist.com/spam-and-phishing-in-q2-2020/97987/)

_The consistency of the attacks shows the tenacious attitude of the phishing community_. There have been many counters created by IT Security teams the country over. Nevertheless, statistics over the years lay bare, displaying the hard fact that phishing has become more sophisticated over the years.

### Scams To Look Out For

> “Zero-day phishing URLs have an average lifespan of just 12 hours before they’re added to blocklists. During that window, traditional signature-based filters are blind. Our real-time behavioral analysis catches these threats by pattern, not by signature - which is how we detect attacks that no database has seen yet.” - **Adam Lundrigan**, CTO, DuoCircle

Following are the most common **phishing scams** that make the rounds during the tax season.

#### Locked Account

This tax scam is the most [common](https://us.norton.com/internetsecurity-emerging-threats-four-tax-scams-to-watch-out-for-this-tax-season.html) of all. Malicious actors send an email to the registered email address, informing them that the tax return is restricted. _The email will pretend to be sent through an IRS mail server_. It will have the IRS logo and a link that will take the recipient to another page, which will ask for login credentials. Most of the time, the email will impersonate TurboTax, which is a popular tax preparation software. [Emails impersonating](/blog/something-new-the-dual-impersonation-business-email-compromise-scam/) TurboTax generally inform the recipient that their TurboTax account has been locked and credentials have to be typed in again, or the login ID and password need to be changed. These emails’ objective is to convince the recipient to click on the provided links and steal their information.

#### Updating Tax Filing Information

In the second most common **phishing exercise** used by malicious actors, _the emails impersonating the IRS ask recipients to update their tax filing information_. These emails are comprehensive with their activities, and most users fall prey to them. _These emails have a link that takes them to an HTML website that asks for their personal information_. Once the user types it in, the malicious actor will have unwarranted access to their personal tax information.

![Phishing prevention best practices 3478](https://media.mailhop.org/phishprotection/images/2021/03/phishing-prevention-best-practices-3478-1.jpg) 

#### Tax Receipts From The IRS

When it comes to tax frauds and evasion, _the IRS has an uncompromising stand_. Hence, when someone receives an email in the IRS’s name talking about a tax deduction, there is a measure of distress, which helps gain attention. There are attachments of receipts sent alongside the **fake email**. These attachments are malware that may cause untold harm to information systems and the network once clicked. However, given the tone and looks of the emails, most users fall for it.

#### Refund Eligibility

_The final nail in the phishing coffin lets the recipient know that they are eligible for a tax refund_. A significant part of such emails is **phishing emails** sent to hoodwink the user. Though the subject usually is something to celebrate, it may also cause much heartburn when it is a phishing email. _The email will have a link where the user would be advised to click to initiate the refund_. Most rush for it. Once clicked, the malware may infect the system or the network, or a new page would appear asking the user to log in with their SSNs. Either way, it is going to be a disaster for the user.

### Tips For Employers To Stay Safe From Phishing During Tax Season

Employers have to take the maximum precautions and implement the proper safeguards to stay **protected from phishing** scams’ ill-effects.

#### Inculcate Awareness Among Employees

_Awareness is the greatest weapon against tax scams and phishing_. As employers, it is their responsibility to inform their employees of the pitfalls caused by **phishing attempts**, especially while dealing with tax information. Leakage of such information due to employees’ negligence can be damning and may lead to severe complications and loss. Hence, regular sensitization sessions are necessary.

#### Updated Anti-Phishing Tools

Systems need to be updated and [anti-phishing software](/) installed across the entire network. **Email protection software** is a necessity in these times and must be used to counter malicious actors.

#### Network Security Tools

_IT Security teams must be aware of all the possibilities of an attack and be adequately prepared_. Network security is a prime responsibility and has to be covered at all times. **Phishing agents** target the networks to plant malware for future usage. The installed malware stays hidden without letting anyone know of their presence and strike at an opportune moment.

![Phishing attack prevention](https://media.mailhop.org/phishprotection/images/2021/03/phishing-attack-prevention-2045.jpg) 

### Tips For Employees To Stay Safe From Phishing During Tax Season

Like employers, the employees also have to take care and play their role in keeping **phishing scams** at a distance. Following are the tips for employees.

#### Take Awareness Training Seriously

_Attend as many sessions on phishing and understand the methods and strategies applied by malicious actors_. Important information gained from such [phishing awareness](/products/phishing-awareness-training/) sessions will considerably help detect a phishing attempt and mitigate it even before it develops into a full-blown attack.

#### Handle Suspicious Emails Cautiously

As humankind’s general nature, people get curious about every tiny detail that comes their way. It is the same for emails that come from **unknown sources**. Utmost care has to be taken when dealing with emails from unknown or suspicious sources. _Due diligence must be maintained in such interactions, whether over the phone or through emails_.

### Final Words

_Phishing is a nuisance plaguing the cyber world for a long time, and there is no end to it_. To stay away from the threat, one has to keep a step ahead. **Data protection** is not merely a responsibility. Upholding its integrity is essential and has legal complications and financial and reputation loss if not appropriately observed, especially in the tax season.

## Topics

[ Phishing ](/tags/phishing/) 

![Brad Slavin](https://media.mailhop.org/phishprotection/images/authors/brad-slavin.jpg) 

[ Brad Slavin ](/authors/brad-slavin/) 

General Manager

Founder and General Manager of DuoCircle. Product strategy and commercial lead across DuoCircle's 2,000+ customer base.

[LinkedIn Profile →](https://www.linkedin.com/in/bradslavin) 

## Protect your inbox from phishing attacks

Real-time email security with 60-day free trial. No credit card required.

[Start Free Trial](https://portal.duocircle.com/cart.php?a=add&pid=101&brand=phishprotection) [View Pricing](/pricing/) 

## Related Articles

[  Foundational 5m  0ktapus, Okta Breach Helps Attackers Launch Sophisticated Supply Chain Attacks  Sep 5, 2022 ](/blog/0ktapus-okta-breach-helps-attackers-launch-sophisticated-supply-chain-attacks/)[  Foundational 4m  13 Spear Phishing Attacks Examples To Justify Investment For Phishing Prevention Solutions In Your Organization  Aug 1, 2019 ](/blog/13-spear-phishing-attacks-examples-to-justify-investment-for-phishing-prevention-solutions-in-your-organization/)[  Foundational 4m  All 14 centers of Kettering Health were affected by a massive ransomware attack, Major outage in the Ohio medical center  May 23, 2025 ](/blog/14-centers-of-kettering-health-were-affected-by-massive-ransomware-attack-in-ohio-medical-center/)[  Foundational 4m  2021 Phishing Trends You Need To Be Wary Of  Aug 2, 2021 ](/blog/2021-phishing-trends-to-be-wary-of/)

```json
{"@context":"https://schema.org","@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com","logo":{"@type":"ImageObject","url":"https://phishprotection.com/images/phishprotection-logo.png"},"description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"sameAs":["https://www.linkedin.com/company/duocircle","https://x.com/duocirclellc","https://www.facebook.com/duocirclellc","https://github.com/duocircle"],"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://phishprotection.com/contact/"},"knowsAbout":["Phishing Protection","Email Security","Anti-Phishing","Business Email Compromise","Ransomware Protection","Time of Click Protection","Office 365 Email Security","Advanced Threat Defense"]}
```

```json
{"@context":"https://schema.org","@type":"WebSite","name":"Phish Protection","url":"https://phishprotection.com","description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","publisher":{"@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com","logo":{"@type":"ImageObject","url":"https://phishprotection.com/images/phishprotection-logo.png"},"description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]}}}
```

```json
{"@context":"https://schema.org","@type":"BlogPosting","headline":"Phishing Attacks In The Tax Season And What To Do About It","description":"Phishing Attacks In The Tax Season And What To Do About It: Tax season is often punctuated with a mad rush for closures and submissions. Both individuals and.","url":"https://phishprotection.com/blog/phishing-attacks-in-the-tax-season-and-to-do-about-it/","datePublished":"2021-03-19T06:06:23.000Z","dateModified":"2026-04-17T15:43:10.000Z","dateCreated":"2021-03-19T06:06:23.000Z","author":{"@type":"Person","@id":"https://phishprotection.com/authors/brad-slavin/#person","name":"Brad Slavin","url":"https://phishprotection.com/authors/brad-slavin/","jobTitle":"General Manager","description":"Brad Slavin is the founder and General Manager of DuoCircle, the company behind DMARC Report, AutoSPF, Phish Protection, and Mailhop. He founded DuoCircle in 2014 and has led the company's growth to 2,000+ customers across its email security product family. Brad's focus is product strategy, customer relationships, and the commercial and compliance side of email authentication (DPAs, SLAs, enterprise procurement).","image":"https://media.mailhop.org/phishprotection/images/authors/brad-slavin.jpg","knowsAbout":["Email Security Strategy","SaaS Product Management","Enterprise Compliance","Customer Success","Email Deliverability Business"],"worksFor":{"@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com"},"sameAs":["https://www.linkedin.com/in/bradslavin"]},"publisher":{"@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com","logo":{"@type":"ImageObject","url":"https://phishprotection.com/images/phishprotection-logo.png"},"description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"sameAs":["https://www.linkedin.com/company/duocircle","https://x.com/duocirclellc","https://www.facebook.com/duocirclellc","https://github.com/duocircle"],"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://phishprotection.com/contact/"},"knowsAbout":["Phishing Protection","Email Security","Anti-Phishing","Business Email Compromise","Ransomware Protection","Time of Click Protection","Office 365 Email Security","Advanced Threat Defense"]},"mainEntityOfPage":{"@type":"WebPage","@id":"https://phishprotection.com/blog/phishing-attacks-in-the-tax-season-and-to-do-about-it/"},"articleSection":"foundational","keywords":"Phishing","wordCount":1073,"image":{"@type":"ImageObject","url":"https://media.mailhop.org/phishprotection/images/2021/03/phishing-prevention-best-practices-3478-1.jpg","caption":"Phish Protection blog post image","width":1200,"height":630},"speakable":{"@type":"SpeakableSpecification","cssSelector":[".answer-block","h1"]}}
```

```json
{"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https://phishprotection.com/"},{"@type":"ListItem","position":2,"name":"Blog","item":"https://phishprotection.com/blog/"},{"@type":"ListItem","position":3,"name":"Foundational","item":"https://phishprotection.com/foundational/"},{"@type":"ListItem","position":4,"name":"Phishing Attacks In The Tax Season And What To Do About It","item":"https://phishprotection.com/blog/phishing-attacks-in-the-tax-season-and-to-do-about-it/"}]}
```