Microsoft has reported a sharp increase in phishing campaigns during tax season, designed to capitalize on heightened anxiety among both individuals and businesses.
Criminals are deploying deceptive emails that pose as tax refund notices, payroll documents, filing reminders, or requests from tax professionals. These messages aim to lure recipients into opening malicious attachments, following suspicious links, or scanning harmful QR codes.
Widespread Impact
A significant campaign detected recently targeted over 29,000 users across various industries including financial services, technology, and retail.
Multidisciplinary research by Microsoft highlights that these campaigns not only target individuals but also professionals who handle sensitive financial data, such as accountants. This is because accountants frequently receive tax-related communications and often possess valuable information.
Phishing Becomes More Persuasive
The threat level has risen due to the sophistication of phishing tactics, which now leverage advanced tools for crafting more personalized and convincing messages.
Suzanne Sando, a Senior Fraud and Security Analyst at Javelin Strategy & Research, notes that “phishing emails are becoming increasingly realistic, leading people to doubt their authenticity even when they should not.”
As part of its ongoing efforts to warn taxpayers about scams, the IRS advises against responding to unsolicited emails or making payments over the phone. The agency stresses that legitimate communication typically arrives by mail and emphasizes that the IRS does not initiate contact through email, text, or social media.
Practical Examples of Scams
Microsoft has identified several tactics used in recent campaigns:
- Phony tax-themed websites designed to deceive users into clicking links purportedly for accessing updated forms
- Fake IRS messages promoting a “Cryptocurrency Tax Form 1099,” particularly aimed at the education sector
- Emails impersonating clients asking for assistance with filing, leading recipients to malicious URLs
- Targeted lures aimed at CPAs meant to steal victims’ email and password information










