← All resources
Guide

Tax season phishing: the scams that arrive on schedule

A deadline, an authority figure, and money in motion — tax season hands phishers everything they need. The recurring scams, and the rules that hold in every country.

Guide · 6 min read · By SafeToOpen Research · July 2026

Tax season is a phisher’s favourite calendar event, because it comes with three gifts: a deadline, an authority figure, and money in motion. Whether your filing season peaks in April (US), July (Australia and New Zealand) or January (UK self-assessment), the same scams arrive on schedule. Here’s what they look like and how to stay ahead of them.

US$798 million
Reported losses to government-impersonation scams in the US in 2025 — nearly double the year before. Source: FBI IC3 2025 Internet Crime Report.

The tax scams that come back every year

The rules that hold in every country

For businesses: brief the two teams that get targeted

Finance and HR carry tax season’s risk: fraudulent "updated bank details" from suppliers, and payroll-data requests from spoofed executives. One standing rule — verify any payment or data change by phone, on a known number — plus deeper email analysis for targeted staff removes most of it.

faq

Frequently asked questions

Don't decide from the email. Tax agencies rarely announce refunds by email or text with links — sign in to your official tax account directly (typed address or official app) and check there. If no refund shows, the message was a scam.

Initial contact comes by post. Threatening calls, texts or emails demanding immediate payment — especially by gift card, crypto or wire — are scams regardless of country.

Act on identity first: contact your tax agency's fraud line, alert your bank, change the passwords involved, enable MFA, and consider a credit freeze or fraud alert. Speed matters more than embarrassment — this scam catches millions.

See it for yourself

SafeToOpen adds real-time, zero-day protection in your browser and inbox — free to start.

See plans →

Sources

  1. BlackBerry, Global Threat Intelligence Report 2025, cited in Bolster, “Real-Time Brand Protection Alerts.” bolster.ai
  2. Verizon, 2025 Data Breach Investigations Report (DBIR) — median time to click a phishing link. verizon.com
  3. Interisle Consulting Group, Phishing Landscape 2025, cited in Bolster and NetDiligence. netdiligence.com
  4. Check Point Research / industry analysis on HTTPS use in phishing, cited in ControlD, “Phishing Statistics & Industry Trends.” controld.com

External statistics are attributed to their original publishers and were accurate at the time of writing. Figures from industry reports vary by methodology and period; we link to primary sources so you can verify them.

test yourself

Could you spot the fake?

Put this into practice: 12 real-world scams and genuine messages, two minutes, no sign-up.