Today, everyone has to be alert to the risk of their tax and financial information falling into the wrong hands. As tax filing processes become increasingly digital and instantaneous to keep pace with changing user habits, the attack surface exposed to users is growing exponentially, especially where users have not taken basic security precautions and lack the necessary security awareness.
Amid the continued concerns over preserving the integrity of our digital identities, one type of attack method has proliferated. The severity and frequency of tax fraud and online scams have become nothing short of an epidemic in recent years.
Digital transformation is accelerating across many national and international government services; the US has seen most people (136 million at the time of this writing) file their tax returns online in 2025 already, and the UK has announced mandatory Making Tax Digital (MTD) requirements for digitized income and expense records as of April 2026. Other countries are exercising similar measures, but that doesn’t lessen the need for robust cybersecurity and digital identity protection. If anything, it illustrates the need for more stringent and proactive measures.
Taxpayers must not be lured by the convenience and time-saving benefits of digital tax return processes alone. However arduous those processes were before, it is still prudent to exercise cyber vigilance at every juncture. For cybersecurity professionals, understanding the anatomy of a seemingly legitimate tax return process that is in fact a sophisticated social engineering and information-stealing scam is vital. It is about giving everyone the ability to safeguard personal information with confidence, while upholding proper security etiquette across an essential piece of national infrastructure.
Common Tax Return Scams
One of the most common types of tax fraud scam involves phishing campaigns, which often manifest as emails claiming to come from established bodies like the IRS (US) or HMRC (UK). The wording of such an email creates a sense of urgency, and the user is enticed to claim a refund or respond to criminal or legal charges (neither of which exists). Recent trends, however, have seen phishing attack vectors evolve to the point where human psychology itself is the target.
Recent Microsoft security intelligence revealed that between February 12 and 28, 2025, tax-themed phishing emails were sent to over 2,300 organizations, mostly in the US in the engineering, IT, and construction sectors. These attacks are strategically calculated and executed, targeting organizations with valuable intellectual property and financial data.
Common chatter among cyber professionals points to increasing use of artificial intelligence (AI) to craft more convincing phishing messages and emails, which appear more ‘legitimate’ and deceptively human in their persuasion. It is expected that more fake IRS or HMRC correspondence will be created using AI, making traditional detection methods less effective as time goes on.
Common Warning Signs of Tax Return Scams
The first line of defense against any financial or tax return fraud attempt boils down to understanding digital certificates and secure connections.
Legitimate tax websites, including the IRS, state tax agencies, and approved tax software providers, implement Extended Validation (EV) SSL/TLS certificates that provide the highest level of authentication. These certificates undergo rigorous vetting processes to verify the organization's legal existence and operational control.
When accessing any tax-related website, cybersecurity professionals should immediately check for SSL/TLS certificates in a browser address bar (evidenced by a lock symbol), valid certificate chains that trace back to trusted Certificate Authorities, and proper domain names that match government or recognized tax software providers.
A fraudulent tax site can often be spotted by its Domain Validated (DV) or even forged certificate. DV certificates provide encryption, but they do not verify the identity of the hosting organization. For email, the authentication protocols SPF, DKIM, and DMARC come in useful when confirming the authenticity of tax-related communications. Authorized bodies and authorities use these protocols, and their absence should be flagged.
In addition, authentic tax documents often include digital signatures using valid PKI infrastructure. These cryptographic signatures provide non-repudiation and integrity verification that's nearly impossible to forge without access to private keys.
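As an added example (not code from the original article), the following Python check applies the SPF/DKIM/DMARC reasoning above to a pair of constructed message headers: it confirms that each mechanism passed and that the domain it passed for is aligned with the visible From: domain, and it flags a display name that invokes a tax authority when authentication is inconsistent. All domains are hypothetical.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample headers (hypothetical domains). The phish borrows a tax-authority
# display name, but SPF/DKIM passed for an unrelated domain and DMARC did not pass.
PHISH = '''From: "IRS Refund Department" <refunds@irs-refund-claim.example>
To: user@example.org
Subject: Your tax refund is pending - action required
Authentication-Results: mx.example.org;
 spf=pass smtp.mailfrom=bulk-sender.example;
 dkim=pass header.d=bulk-sender.example;
 dmarc=none header.from=irs-refund-claim.example'''

LEGIT = '''From: "Payroll Team" <payroll@example.org>
To: user@example.org
Subject: Your annual tax statement
Authentication-Results: mx.example.org;
 spf=pass smtp.mailfrom=mail.example.org;
 dkim=pass header.d=example.org;
 dmarc=pass header.from=example.org'''

AUTHORITY_RE = re.compile(r"\b(irs|hmrc|tax refund|revenue)\b")

def _aligned(auth_domain, from_domain):
    # Simplified relaxed alignment: same domain, or one is a subdomain of the other
    # (a full implementation compares organizational domains via the public suffix list).
    return (auth_domain == from_domain
            or auth_domain.endswith("." + from_domain)
            or from_domain.endswith("." + auth_domain))

def check_tax_email(raw):
    """Return a list of findings; an empty list means the headers are consistent."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    from_domain = addr.rsplit("@", 1)[-1].lower()
    ar = " ".join(msg.get_all("Authentication-Results", []))  # folded/multiple headers
    verdicts = dict(re.findall(r"\b(spf|dkim|dmarc)=(\w+)", ar))
    findings = []
    if verdicts.get("dmarc") != "pass":
        findings.append("dmarc=%s (expected pass)" % verdicts.get("dmarc", "missing"))
    for mech, key in (("spf", "smtp.mailfrom"), ("dkim", "header.d")):
        m = re.search(re.escape(key) + r"=([\w.-]+)", ar)
        domain = m.group(1).lower() if m else ""
        if verdicts.get(mech) != "pass" or not _aligned(domain, from_domain):
            findings.append("%s not aligned: %s vs From %s" % (mech, domain or "missing", from_domain))
    # A display name invoking a tax authority while authentication fails is the impersonation pattern
    if findings and AUTHORITY_RE.search(display.lower()):
        findings.append("display name '%s' invokes a tax authority" % display)
    return findings
```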
Emerging Financial Scam Threats
- Machine learning (ML) in fraud detection: As malicious actors deploy more AI-led attacks, organizations must respond in kind with stronger detection capabilities. Contemporary fraud detection systems must be equipped with similarly fast-acting technology that analyzes behavioral patterns, detects anomalies in documents (often at pixel level), cross-references multiple data sources, and provides real-time threat intelligence. This empowers human decision-makers to act on signals they might miss in manual reviews.
- Synthetic identity fraud: An emerging challenge in modern tax fraud involves the creation of fabricated identities and personas, constructed by amalgamating real and fake information. These identities can pass baseline-level verification checks, so fraudulent activity continues after the initial security protocols have effectively been bypassed. Detection capabilities must be enhanced substantially across multiple data sources and platforms, to enable continuous monitoring of activity by suspected fake users and to separate them from those who are authentic.
What Can Organizations Do to Combat Rising Tax Return Fraud?
Organizations handling tax data at scale should consider implementing comprehensive frameworks, including:
- Hardware Security Modules (HSMs) for protecting cryptographic keys used in tax document processing and digital signatures
- Multi-Factor Authentication (MFA) with certificate-based authentication as one factor, providing a strong primary layer of identity verification
- Zero Trust Architecture (ZTA) that continuously validates every transaction and access request, regardless of the source location
- Advanced email security with AI-powered threat detection
- 24/7 incident response procedures across an organization’s estate with regular red team engagements and penetration testing to validate security teams’ response effectiveness
In addition, network traffic requires extensive and thorough monitoring, with protection standards upheld. This includes certificate pinning for communications with trusted and validated tax authorities (to prevent man-in-the-middle, or MITM, attacks), DNS filtering to block access to known fraudulent or otherwise suspicious domains, and network segmentation to isolate tax processing systems from open networks, creating an additional layer of security.
Tax professionals should take care to ensure that the certificate details of all tax websites and associated software can be verified. Where possible, secure file transfer protocols for documents and certificate-based authentication measures should be deployed. It is also in their interests to share updated threat intelligence with their peers and the wider sector, to support broader anti-fraud and anti-money-laundering efforts.
Choose GlobalSign to Improve Organization-Wide Security Posture
As digital tax administration becomes more globally accepted, the convergence of cybersecurity and tax compliance will become more overt. Organizations that invest in robust PKI infrastructure, advanced threat detection, and comprehensive security frameworks, sooner rather than later, will be in a prime position to navigate more complex challenges.
Maintaining strong cybersecurity hygiene requires a willingness to adapt to new terrain and developments with confidence, leveraging the latest in PKI technology, certificate management, and threat intelligence to stay one step ahead of increasingly sophisticated cyber-attacks and determined malicious actors.
For more information about implementing PKI solutions and digital certificates for enhanced tax security, explore GlobalSign's enterprise security solutions and certificate management platforms.
Note: This blog article was written by a guest contributor for the purpose of offering a wider variety of content for our readers. The opinions expressed in this guest author article are solely those of the contributor and do not necessarily reflect those of GlobalSign.