As tax season unfolds, security leaders should be mindful of the associated risks. The IRS Criminal Investigation’s Fiscal Year 2025 Annual Report revealed financial crimes reaching $10.59 billion, and out of that figure, $4.5 billion was related to tax fraud.

This represented a 111.8% increase from the 2024 fiscal year. If this trend continues, security leaders can expect an increase in tax-related fraud activity this year. Whether or not the trend continues, organizations should be mindful of the risks this season presents, especially as AI becomes increasingly involved in cybercriminal activity. 

Why Tax Season Is An Ideal Opportunity for Cybercriminals

Cybercriminals seek to take advantage of large events, particularly the heightened activity or emotions surrounding them. In the case of tax season, this event can be both busy and emotional. 

“Tax season is stressful for many, making it an ideal time for scammers to target unsuspecting and distracted taxpayers,” explains Sean Murphy, PhD, CCISO, CISSP-ISSMP and Senior Vice President at BECU. “Awareness is our first, and best, line of defense. Criminals often pose as the IRS, payroll companies, tax preparation services, or even trusted financial institutions in an effort to steal money and sensitive information.” 

The risks surrounding tax season are nothing new. Neither are the risks that AI presents. But as cybercriminals continue to advance the sophistication and speed of their tactics through AI, the risks will only increase for organizations that are unprepared to face the challenge. 

How AI Could Amplify These Risks

The risks surrounding tax season are varied. 

“These schemes range from phishing emails, fake calls or texts, and social media messages to fraudulent tax filings using stolen identities, and they’re only becoming more sophisticated with the introduction of AI,” says Murphy. 

Tony Jarjoura, CFO at Gigamon, adds, “AI is going to have a drastic impact on tax-related scams this year. In the past, there were real barriers to entry for cybercriminals, including language limitations, technical skill gaps, and the challenge of gathering reliable personal information. AI removes those barriers, enabling threat actors to create highly convincing, hyper-personalized messages at little to no cost. As a result, we’re seeing scams that can impersonate trusted voices, replicate official-looking IRS emails, and generate polished tax documents that appear completely legitimate. What once required a coordinated criminal operation can now be carried out by a single individual using AI tools.”

The threat of deepfakes only adds to the complexity of these risks. 

Murphy says, “Picture this: you receive a convincing phone or video call from someone who sounds and acts exactly like a representative from your local bank branch. They claim there’s an urgent tax-related issue with your account and pressure you to share passwords or authorize a wire transfer immediately. It’s not a clumsy scam — this impersonation is eerily accurate and emotionally manipulative. That’s because AI can scour the internet, piecing together your personal information from sources like Facebook and LinkedIn, then use it to create a realistic identity specifically designed to trick you. In the age of AI, the old advice ‘trust, but verify’ is now ‘verify, then trust’ — because even your trusted financial advisor could be impersonated by an AI bot and algorithm with a really convincing story.”

How Security Leaders Can Protect Their Organizations

While AI threats are evolving, security leaders can bolster their organization’s defenses by sticking to the fundamentals. 

“The solution isn’t just better technology, but stronger awareness, clear and consistent training, and verification habits that encourage people to pause and evaluate before acting,” says Jarjoura. “This also means looking out for those around you, especially less savvy individuals who may be less familiar with these emerging risks.”

In addition, security leaders are also encouraged to consider AI-related vulnerabilities that often are overlooked. So, while tax season may be leveraged by cybercriminals, it can also be an opportunity for organizations to improve their AI defenses.