Do Son 
PDF attachment masquerading as a DocuSign document
Artificial intelligence has become the latest weapon in the arsenal of fraudsters targeting unsuspecting taxpayers amid the height of tax season. Gone are the days of crude phishing emails threatening audits—malicious actors now employ hyper-realistic voice and video forgeries to extract personal data and seize access to victims’ finances.
Tax season has long been considered a lucrative period for cybercriminals, but this year’s developments are particularly alarming. Cybersecurity experts report a surge in attacks powered by generative AI technologies. Especially concerning is the rise of “vishing”—voice phishing campaigns leveraging synthetic audio files that convincingly mimic tax consultants, accountants, or even government officials.
Industry specialists warn that generative AI and deepfakes are fundamentally reshaping the threat landscape. These tools not only allow fraudsters to scale their operations but also to render them far more persuasive. For instance, a deepfake video featuring a fake tax advisor can create the illusion of authenticity, while emails composed by AI may perfectly replicate the tone and structure of official correspondence.
Hackers are now capable of cloning a victim’s voice and calling under the guise of a tax expert, offering to help with account registration for tax services. In reality, these calls are traps designed to harvest sensitive information—logins, Social Security numbers, and tax credentials.
Victims increasingly encounter video and audio content featuring familiar voices—from family members to tax agents. These materials are fabricated but realistic enough to deceive. Often, only subtle inconsistencies in details—still a challenge for AI—betray the forgery.
Some protective measures remain effective. Experts recommend using reverse image and video searches to detect synthetic manipulation. Maintaining a high degree of caution when faced with “urgent” requests—whether via phone or email—is also essential.
The fraud does not stop with deepfakes. Mobile-based attacks are on the rise, with text messages impersonating tax authorities urging users to click links or install apps laced with malware. Such tactics often result in stolen credentials and compromised financial information.
Old tricks haven’t been abandoned either. Cybercriminals continue to create counterfeit websites posing as legitimate tax platforms, using popular search terms like “Trump tax refund.” These fraudulent sites are boosted through SEO poisoning—manipulating search engine results to appear credible.
Recently, Microsoft issued a warning about a widespread phishing campaign mimicking official tax correspondence. Since February 2025, over 2,300 organizations have been targeted with phishing emails containing PDFs embedded with QR codes leading to malicious websites. Engineering, IT, and consulting firms have been hit especially hard.
As attacks grow ever more sophisticated, safeguarding personal data demands a renewed vigilance. Even seemingly basic advice—avoiding suspicious links and verifying the voice on the other end of the call—can be decisive. Artificial intelligence may have empowered scammers with new tools, but it has also left humans with one last line of defense: their attention to detail.
