Common Tax Season Cyber Crimes

The tax season is already such a stressful moment of the year for both businesses and the individuals looking to properly account for their financial assets. It’s that time of year when the accounting departments at businesses get busier than ever! However, this is also the time of year when cyber criminals take to the internet and attempt to take advantage of the confidential information being used to file taxes. Tax season cyber crimes are an evolving threat that are becoming more popular.

Why is tax season cyber crime becoming more common?

To better understand why tax season is such a hot season for hacking, let’s examine the nature of tax season. This is often the time where tax employees in both the public and private sector are working more than regular hours to satisfy the needs of their clients. As a result, an immense amount of information is being both sent and received to offices. This creates an environment where there is an assumption of security and that data is safe. 

It’s not uncommon for tax employees to feel fatigued and overworked which may also lead to an ongoing element of security vulnerability. Cyber criminals are completely aware of the situations and preyful opportunities to steal this information and benefit.

Common cyber crimes during tax season

Keep your business safe by looking out for these common tax season cyber crimes:

Fraudulent W-2

It’s extremely common to receive W-2 documentation from your employers this Spring season. This common tax document helps to summarize all the earnings and help claim the tax return money you might be receiving. This documentation package includes crucial personal information including home address, salary breakdown, and most importantly your social security number.

Cyber criminals are notorious for intercepting this information and leveraging your social security number to re-route your tax refund. Once the refund is sent to the wrong recipient, it is quite difficult to make amends and have the funds returned. As a result, we’ve seen employers switch to enhanced-security mailers, but even with these features, it’s safer to err on the side of caution.

According to the official IRS resource center:

For your paper refund check, here are the IRS mailing addresses to use based on the city (possibly abbreviated). These cities are located on the check’s bottom text line in front of the words TAX REFUND:

  • ANDOVER – Internal Revenue Service, 310 Lowell Street, Andover MA 01810
  • ATLANTA – Internal Revenue Service, 4800 Buford Highway, Chamblee GA 30341
  • AUSTIN – Internal Revenue Service, 3651 South Interregional Highway 35, Austin TX 78741
  • BRKHAVN – Internal Revenue Service, 5000 Corporate Ct., Holtsville NY 11742
  • CNCNATI – Internal Revenue Service, 201 West Rivercenter Blvd., Covington KY 41011
  • FRESNO – Internal Revenue Service, 5045 East Butler Avenue, Fresno CA 93727
  • KANS CY – Internal Revenue Service, 333 W. Pershing Road, Kansas City MO 64108-4302
  • MEMPHIS – Internal Revenue Service, 5333 Getwell Road, Memphis TN 38118
  • OGDEN – Internal Revenue Service, 1973 Rulon White Blvd., Ogden UT 84201
  • PHILA – Internal Revenue Service, 2970 Market St., Philadelphia PA 19104

Fake messages from “accountant” or “attorney”

There’s a good chance you or someone from your organization will be in contact with professionals in accounting, legal matters, and human resources. Tax season never falls to exemplify the lack of communication between departments, which could serve as a major security vulnerability in the employment hierarchy.

It’s a good security habit to ensure you’re communicating with the authentic individual and not an imposter trying to steal such information. Imagine a scenario where you are exchanging emails with an accountant manager, and rarely communicate with this person the remainder of the year. Are you familiar with their job function/role and guarantee the person is who you are trying to communicate with? If you’re ever suspicious or unsure, it’s best to ask higher management to authenticate their identity.

Be sure you and your accountant have a way to double-check authenticity if they ever receive an email regarding changing the bank account where to receive your refund. A threat actor can easily pretend or appear, to be you, with a simple request to change your bank account. Have your accountant require a secret password, as well as confirm via calling you at a phone number they already have on record for you. This way if it isn’t you, you can stop the process before any money is lost.

Suspicious office calls

Many people are familiar with the infamous fake IRS calls that make rounds every tax season. These calls trick unsuspecting victims like the elderly into sending a wire transfer of funds to these extortionist groups. In recent years, these scans have become much more elaborate and “professional” with intricate capabilities and believable mannerisms.  However, there is a rise in “Vishing” in which the cyber criminal uses the phone to deceive the business.

During a Vishing attack, a seemingly authentic phone call or message is delivered to the victim and manipulates a request for a home address, email information, and other important info. With the introducing of AI (Artificial Intelligence), hackers can program a message to personally identify you by name, which will increase the authenticity and you might fall into this trap  These voice messages can also take on the location & business name in the Caller ID by using voice IP to mask the real geolocation.

Malicious tax refund apps & services

In general, during this season, you’ll receive lots of messages and advertisements promoting various services that can help increase your tax deductibles and maximize your return. These ads are littered on mobile app stores, commercial websites, and mixed into email inboxes. Major brands like Turbo Tax and H&R Block are trusted sources for recovering tax finances during this season, albeit with their high expense.

Don’t be misled into suspicious & dishonest tax refund services with little to no credibility. They might have a more reasonably advertised accounting fee, but the privacy and security of business information might be in jeopardy to become compromised. It’s easy to be misled with fake reviews and other fraudulent marks of credibility that can easily be generated in the perpetrator’s interest.

If you or your business might be the victim of a cyber crime, is recommended to report the incident to the US Department of Homeland Security Cyber-Infrastructure at

What do you think?

Leave a Reply
Read more

Related Articles

Contact us

Leading experts on stand-by 24/7/365

If you suspect data loss or network breach, or are looking for ways to test and improve your cyber security – our team can help.

What we offer:
What happens next?

Our advisor will reach out with the free consultation


We evaluate your inquiry and review solutions


We send a custom proposal or quote for approval

Request a Free Consultation