Cybercriminals Exploit Tax Season With New Phishing Tactics
Tax-season phishing floods deliver RMM malware, credential theft, BEC and tax-form scams
Tax rules shape how organizations protect financial records, manage sensitive identity data, and meet legal duties for cybersecurity and reporting.
Search across headline titles and summaries.
Background for this topic.
Tax is a compulsory payment to a government, calculated under rules that may apply to individuals, businesses, property, transactions, or income. Tax administration depends on records such as identity details, bank-account information, income data, payroll records, and business financial information. Tax agencies, employers, financial institutions, and tax professionals may exchange or store this data through filing portals, application interfaces, email, and document-management systems.
Its security relevance is concentrated in confidentiality, integrity, and identity assurance. Stolen credentials or altered taxpayer records can support fraudulent filings, redirected refunds, or unauthorized access to sensitive financial information; phishing and compromise of a preparer or employer can expose many records at once. Appropriate controls include strong authentication, least-privilege access, encryption, secure data exchange, tamper-evident audit logs, and retention limits consistent with privacy and legal obligations. Security teams should also monitor filing and account changes, verify unusual requests through trusted channels, and maintain procedures for investigating suspected fraud or unauthorized disclosure.
Weekly headline count for the current query.
Tax-season phishing floods deliver RMM malware, credential theft, BEC and tax-form scams
Silver Fox pivots from ValleyRAT tax lures to WhatsApp‑style stealers, blending espionage & phishing
The UK’s tax office has received 135,500 reports of suspected scams in the past 10 months including 4800 related to self assessment filings
New ITRC research finds 81% of US small businesses suffered a data or security breach in the past year
Reports of email phishing attempts impersonating the UK’s HM Revenue & Customs plummeted in the first half of 2025
Phishing campaign targeting Taiwan has been identified, using tax-themed emails and malware like Winos and HoldingHands
Vodafone Business has urged the UK government to implement policy changes, including improvements to the Cyber Essentials scheme and tax incentives for cybersecurity
Trend Micro said the trojan has been observed masquerading as communications from tax agencies
Keynote speaker Henry Ajder warns that regulatory measures may be undermined if some countries ignore global rules
The maker of the Mispadu Trojan started distributing a new infostealer with financial lures to Mexican users, Cisco Talos found
Ukrainian Ministry of Defense says cyber-attack wiped Russian tax system servers
Claimants bombarded by phishing emails, phone calls and texts
Security researchers at eSentire shared the findings in an advisory published on Monday
The group banded together to engage in a sophisticated cybercrime and tax fraud scheme
Tax agency says automated tools are to blame