Tax Season 2025: Navigating the AI-Driven Fraud Landscape
Tax season has always been a prime opportunity for cybercriminals, but in 2025, the game has changed dramatically. Artificial intelligence (AI) and deepfake technology have significantly upgraded their tactics, making scams more sophisticated and believable than ever before. These aren’t your run-of-the-mill phishing attempts with broken English; instead, sophisticated AI-generated emails, convincing deepfake IRS agents, and voice-cloned tax professionals are becoming alarmingly common.
According to IRS statistics, billions of dollars in tax and financial crimes were identified in fiscal year 2023, and the actual losses are likely far higher. The emergence of generative AI and deepfakes has created a new wave of fraud that is smarter, faster, and more effective.
The AI Advantage for Cybercriminals
“We’re seeing a sharp rise in AI-driven attacks, particularly around tax season,” says Casey Ellis, founder and advisor at Bugcrowd. “Generative AI and deepfake technologies are being weaponized to create highly convincing phishing emails, voice calls, and even video messages that impersonate trusted entities like the IRS or tax preparers.” The scale and believability of these scams have reached new heights.
AI allows attackers to craft personalized scams that appear genuine. Adam Khan, VP of Global Security Operations at Barracuda, reports a staggering 150% increase in fake IRS calls using voice cloning. Small businesses, tax professionals, and even large firms are also targets of spear-phishing campaigns that bypass traditional defenses. Alain Constantineau, VP North America at Hornetsecurity, explains that “Threat actors look to impersonate key personnel such as Finance and HR officers or executives in order to phish personal information from employees.”
Synthetic Identities and Deepfakes: The New Face of Fraud
These scams extend beyond fake emails or calls. Attackers are constructing synthetic identities, blending real stolen data with fabricated details to create entirely new taxpayer profiles. James Turgal, vice president at Optiv, warns that foreign adversaries and organized crime groups are using this tactic to new heights. They submit fraudulent returns, claim illegitimate refunds, and redirect them to accounts controlled by the criminals.
Meanwhile, deepfake videos and AI-powered chatbots are impersonating tax advisors and IRS agents. They promise instant refunds or issue threats of arrest, both designed to pressure victims into impulsive decisions. Dustin Brewer, senior director at BlueVoyant, cautions that spotting these scams is harder than ever. “Some key indicators of written scams, such as bad grammar and incorrect spelling, are becoming harder to spot due to the accessibility of large language models.”
Patrick Tiquet, vice president at Keeper Security, notes: “Cybercriminals can now create realistic video and audio impersonations of IRS agents, tax professionals, or even family members. To spot AI-generated content, look for subtle mismatches in tone, unnatural speech patterns, or slight inconsistencies in the video.”
What Happens When You’re Targeted?
Many victims don’t realize they’ve been targeted until it’s too late. By the time a fraudulent return is filed using your Social Security number, the damage is done. Identity theft can lead to credit fraud, unauthorized loans, and years of financial headaches. CPA firms and tax preparers are increasingly under siege. Khan points out: “Attackers are targeting payroll systems, looking for W-2 data. Ransomware attacks are specifically focusing on small businesses during tax season.”
Ira Winkler, CISO of CYE, summarizes the core principle: “Nobody is going to call or text you for a tax emergency, and skepticism is your best defense.”
Staying Protected: Practical Guidance
The best defenses aren’t always technical. They’re about smart, consistent behaviors. Here’s a streamlined guide:
- Be Skeptical: The IRS will never initiate contact via phone, email, or text.
- Verify Before Trusting: Contact the organization directly through its official channels if a message seems suspicious.
- Use an IRS Identity Protection PIN (IP PIN): This six-digit number helps protect your tax filings.
- Freeze Your Credit: Prevent new accounts from being opened in your name.
- Enable Multi-Factor Authentication (MFA): Use MFA on all tax-related accounts and portals, avoiding SMS-based MFA.
- Use Strong, Unique Passwords: Utilize a password manager.
- Encrypt and Secure Sensitive Documents: Store files in encrypted cloud storage and shred old documents.
- Limit Data Exposure: Be cautious about what you share on social media.
- Conduct Regular Security Audits: Businesses and tax professionals should conduct bi-annual audits.
- Stay Informed: Follow trusted cybersecurity experts.
The Bottom Line
AI and deepfake technology have given cybercriminals a significant advantage, but their success depends on people acting too hastily or trusting implicitly.. As Chad Cragle, CISO at Deepwatch, emphasizes, “Cybersecurity must be a year-round habit.”
Remember, as Winkler advises, “Contact the IRS directly, or go through your tax preparer. It really is that simple.” If something feels urgent or too good to be true, take a step back and reassess. The best refund is the one you actually get to keep.