Tax season is a busy time for individuals and businesses – and cybercriminals, hard at work with new phishing scams and malware. The number of legitimate users online and the nature of online tax preparation make this an important time of year for the morally challenged.

Preparing taxes involves financial information along with valuable PII (Personally Identifiable Information): this increases the potential profitability of malware and phishing campaigns. By no means should this stop you from preparing your tax returns online! Instead, practice extra vigilance to protect your devices and sensitive information. In this article, we’ll go over the basics on identifying and avoiding common malware threats and phishing scams, with a focus on the increased danger of tax season.

A cybercriminal works diligently during tax season to spread phishing emails and malware to collect sensitive private information.

Learn to Recognize Phishing Emails, Phone Calls, and Other Messages

Phishing scams often involve fraudulent emails, phone calls, or other messages that appear to be from legitimate sources including the IRS, tax preparation companies, banks, investment firms, mortgage companies, or other financial institutions. Cybercriminals use these deceptive tactics to trick you into downloading malware or revealing personal information. Here are some red flags to watch for:

  • Unexpected emails or messages claiming to be from the IRS or other tax-related entities.
  • Emails with suspicious attachments or links, urging you to download or click on them.
  • Messages with poor grammar, spelling, or formatting.
  • Messages that address you in a generic manner (“Dear Taxpayer”, “Dear Customer”, etc.).
  • Unsolicited requests for sensitive information (bank account numbers, Social Security number, etc.).

Avoid Phishing Traps

To keep from becoming a victim of a phishing scam, consider following these best practices.

  • Be cautious with unsolicited emails or messages, even if they appear to be from a known source.
  • Never click on links or download attachments from suspicious emails.
  • Do not share sensitive information via email or over the phone.
  • Use strong, unique passwords for all your accounts.
  • Whenever possible, enable MFA (Multi Factor Authentication) on your accounts. It may feel like a hassle, but losing access to your own accounts is far worse.

Remain Vigilant for Malware

Malware, or malicious software, can compromise your devices: once your devices are compromised, so is your data. Tax season historically sees an increase in malware attacks as cybercriminals exploit the high volume of sensitive information being exchanged. Protect yourself!

  • Keep your operating system, antivirus, and other software up to date with the latest patches.
  • Download software from trusted sources and avoid pirated or cracked versions.
  • Be cautious with USB devices and scan them before use.
  • Regularly back up your important data to minimize damage in case of infection.

Report Fraud and Phishing Attempts

Report suspicious emails and tax-related phishing attempts to the appropriate authorities. While not every bad actor will be caught, the more that are, the safer the Internet becomes.

  • If you receive a phishing email that purports to be from the IRS, forward it to the IRS’ phishing email reporting mailbox at
  • Report other phishing emails to the Federal Trade Commission (FTC) at
  • File a report at the FBI’s IC3 (Internet Crime Complaint Center). The IC3 collects information on all illegal cyber activity and ensures that information is passed to the appropriate authorities.

Be Cautious, Not Afraid

The Internet is an amazing tool, and there’s no reason to be afraid to use it to help during tax season. Instead of fear, practice caution, vigilance, and general awareness of malware threats and phishing scams.

By following the basic guidelines laid out here, you can start learning to protect your valuable information from cybercriminals. Stay informed about the latest threats, and share your knowledge: together, we can all help create a safer Internet.