Scammers are using AI to impersonate IRS workers and scam taxpayers

Date: 2025-04-15

AI is also helping attackers scale rapidly across multiple vectors

Microsoft shares some simple tips to protect yourself

Scammers are increasingly using artificial intelligence to fuel malicious activity, with many opting for AI-generated voice scams and deepfakes to impersonate tax preparers, accountants or IRS officials.

With Tax Day upon American taxpayers, a surge in voice phishing (vishing) attacks has cybercriminals exploiting stolen personal details to convincingly fake identities and trick taxpayers into sharing sensitive financial documents and details.

While consumers have long been familiar with the signs of email phishing, this new attack vector is catching more victims off guard.

Vishing scams are targeting taxpayers

Some easy protections include enabling multi-factor authentication on online accounts and verifying the authenticity of URLs. By typing URLs in themselves rather than clicking links, users can avoid lookalike addresses such as those that use an upper case ‘i’ in place of a lower case ‘L’, a substitution often seen in attacks because the two characters look the same in many fonts.
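The upper case ‘i’ for lower case ‘L’ substitution described above can also be checked mechanically before a link is trusted. The following Python sketch is an added example, not code from Microsoft or the original article; the allow-list and the host name taxfiling.example are constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumed allow-list for this example; "taxfiling.example" is a constructed name.
TRUSTED_HOSTS = {"irs.gov", "www.irs.gov", "taxfiling.example"}


def displayed_host(url: str) -> str:
    """Return the host as written in the link, with its letter case preserved."""
    if "://" not in url:
        url = "//" + url                      # let urlsplit see a netloc
    host = urlsplit(url).netloc.rsplit("@", 1)[-1]   # drop any user:pass@ prefix
    if not host.startswith("["):              # leave IPv6 literals alone
        host = host.split(":", 1)[0]          # drop the port
    return host.rstrip(".")


def reads_as(shown: str, trusted: str) -> bool:
    """True if `shown` reads as `trusted` when a capital I is taken for i or l."""
    if len(shown) != len(trusted):
        return False
    for s, t in zip(shown, trusted):
        if s == "I":
            if t not in ("i", "l"):
                return False
        elif s.lower() != t:
            return False
    return True


def classify(url: str) -> str:
    """Label a link 'trusted', 'lookalike' or 'unknown' against the allow-list."""
    shown = displayed_host(url)
    if shown.lower() in TRUSTED_HOSTS:        # DNS ignores case
        return "trusted"
    if any(reads_as(shown, t) for t in TRUSTED_HOSTS):
        return "lookalike"
    return "unknown"
```

A link is flagged only when the host a reader perceives matches a trusted name while the host DNS would actually resolve does not.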

Moreover, citizens should familiarize themselves with verified communication methods – for example, the IRS does not initiate contact via email, text or social media for personal or financial information, so a message like this should immediately sound alarm bells.

Generative AI has allowed scammers to scale their attacks and create highly believable phishing communications, including realistic emails, voice calls and videos. It can be used at all levels of the attack, from deciding what to say or write to crafting content in the form of emails, websites and even voice impersonations.

Fraudsters can even manipulate search rankings to direct victims to fake sites that promise tax refunds, which makes those sites appear more authentic.

Other common attacks can include malicious PDF attachments, the use of QR codes and legitimate services like Dropbox, and fake DocuSign landing pages. Engineering, IT and consulting sector workers are among the most likely to be attacked.