Protect Your Refund: The Latest Tax Scams Explained

Protect Your Refund: The Latest Tax Scams Explained

Tax season is here, and while scammers are getting smarter, you can stay ahead with a few simple steps. Here are the most common scams—and how to protect yourself:

Phishing & Smishing

Scammers send emails or texts that look official, often saying things like “urgent” or “your account is locked” to get you to click a link.
Tip: The IRS will never email or text you about a bill or refund. If you’re unsure, go directly to IRS.gov instead of clicking any link.

Impersonation Calls

Fraudsters call pretending to be IRS agents, threatening arrest or demanding payment through gift cards or cryptocurrency.
Tip: Hang up immediately. Real IRS agents don’t make threats or demand unusual payment methods. Report these calls to the Treasury Inspector General for Tax Administration (TIGTA) at tigta.gov.

AI-Driven Fake Communications

Scammers now use AI to create convincing IRS letters, emails, and even voice recordings. These can look and sound real.
Tip: If you get a message that seems suspicious, verify it through official IRS channels—never trust a link or phone number in the message.

Tax Refund Identity Theft

Criminals use stolen personal information to file fake tax returns and claim refunds.
Tip: Protect yourself by setting up an IRS Identity Protection PIN. It’s a six-digit code that adds an extra layer of security to your tax filings.

Social Media Tax Advice

“Tax hacks” on TikTok or Instagram might promise bigger refunds, but they can lead to audits or penalties.
Tip: Stick to trusted sources like IRS.gov or a qualified tax professional. If it sounds too good to be true, it probably is.

🚨 New: Fake 2FA Pop-Ups

A newer scam making the rounds involves fake two-factor authentication (2FA) pop-ups, often called Browser-in-the-Browser (BitB) attacks. Here’s how it works:

• What happens: You click a link from a phishing email or ad, and a pop-up appears that looks like a legitimate login or verification window (complete with branding and even a fake address bar).
• Why it’s dangerous: These pop-ups capture your username, password, and one-time codes in real time, allowing scammers to bypass security and access your accounts.
• Tax impact: If you use IRS Online Accounts or tax software with 2FA, attackers could hijack your session, file fraudulent returns, or steal sensitive financial data.

How to protect yourself:

• Never enter credentials in a pop-up window—always navigate directly to the official IRS site or your tax software.
• Use a password manager (it won’t autofill into fake pop-ups).
• Consider hardware-based MFA keys for extra security.
• If something feels off, close the browser and restart before logging in again.

Tax season doesn’t have to be stressful. Most scams can be avoided with a little caution—verify who you’re dealing with, use strong security tools, and stick to trusted sources like IRS.gov. Taking these steps now helps protect your refund and your peace of mind.