Information Security Advisory: Beware of Tax Scams

By Office of Communications & Marketing | Mar 23, 2026

The following e-mail is being sent on behalf of Igor Gorelik, Information Security Officer

Tax season is a peak time for cybercriminals to launch phishing and fraud campaigns. Attackers often impersonate trusted organizations like the Internal Revenue Service to trick users into revealing sensitive personal or financial information.

Common Tax Scam Examples

• Emails claiming you’re owed a tax refund
• Text messages asking you to “verify your tax information”
• Calls threatening penalties or arrest
• Attachments labeled “W-2,” “1099,” or “Tax Statement”
• Links to fake “refund portals”

How to Spot a Tax Scam?
Please watch for these red flags

• Urgent or threatening language (“Act now!”)
• Requests for SSN, banking info, or passwords
• Misspelled sender addresses or suspicious domains
• Unexpected attachments or links
• Payment requests via gift cards, crypto, or wire transfers

The Internal Revenue Service does NOT initiate contact by email, text, phone call, or social media to request sensitive data.

How to Protect Yourself

• Do not click links in unsolicited tax-related messages
• Type official website addresses manually into your browser
• Verify suspicious messages through trusted sources
• Always use multi-factor authentication (MFA)

If a tax-related message creates urgency and asks for personal information — it’s likely a scam.