Cybersecurity · January 2025
Tax season is phishing season: what your team needs to watch for
From late January through April, "the IRS" and "your accountant" send a lot of email, and a worrying amount of it is fake.
Tax season is a gift to scammers. Everyone is expecting documents from payroll, accountants, and government agencies, so a fake one blends right in.
The lures to watch for
- Emails "from the IRS", the IRS does not initiate contact by email
- Requests for employee W-2s or payroll data sent to "the boss"
- Fake accountant messages with malicious attachments or links
- "Refund" or "tax document ready" links that steal logins
Protect your organization
Set a firm rule: sensitive documents and any payment or data request get verified by phone using a known number, never by replying to the email. Turn on multi-factor authentication so a stolen password alone is not enough, and give your team a quick heads-up that the season is here. Awareness is the cheapest control you have.
Get started
Questions about your own setup?
A free assessment turns general guidance into specific next steps for your organization. No pressure, no obligation.