Technology
Don’t fall for these sneaky tax scams that are out to steal your identity and money
Tax season isn’t fun for most people, but it can be downright miserable if you fall for a scam. This year, there’s been a noticeable uptick in scam callers impersonating IRS officials, and with the rise of AI-voice programs, these scams have become more convincing than ever.
The IRS flagged 2.4 million tax returns with refunds totaling roughly $13.8 billion for possible identity theft. Identity thieves use stolen information — like your SSN, name, address and more — to file fraudulent tax returns in your name.
Meanwhile, the Better Business Bureau’s (BBB) Scam Tracker collects reports on tax scams from the public. For scams reported as tax collection to BBB’s Scam Tracker in 2023, the median dollar loss was $2,100.
Here are some of the scams the BBB warns you to look out for this tax season.
CLICK TO GET KURT’S FREE CYBERGUY NEWSLETTER WITH SECURITY ALERTS, QUICK VIDEO TIPS, TECH REVIEWS AND EASY HOW-TO’S TO MAKE YOU SMARTER
“Tax time” post-it on tax documents. (Kurt “CyberGuy” Knutsson)
1. Phone scams
Scammers pretend to be someone from the IRS and call you to ask to make back payments or send over personal information that can’t be found in the IRS system. They often pressure you to act immediately, threatening arrest or fines if you don’t comply.
In 2024, phone scammers have gotten so sophisticated that they will create fake badge numbers, get a fake caller ID name that appears to be from the government or leave official-sounding robocalls with the help of AI voiceovers.
NEW IRS CRACKDOWN ON ‘HIGH-INCOME’ TAX CHEATS OWING HUNDREDS OF MILLIONS
2. Phishing email scams
Phishing emails are scam emails designed to get personal information from you. Scammers will text, email or even message you on social media, claiming to be an IRS agent, and they will send you a link to a fake IRS website designed to steal your Social Security number and other sensitive personal data. Always remember: the IRS will never communicate with you via email but instead by physical USPS mail.
A person preparing their tax documents. (Kurt “CyberGuy” Knutsson)
3. Signs of tax-related identity theft
1. If you try to file your tax return by mail and receive a letter from the IRS stating that they have already received a return in your name, that could mean your identity has been compromised.
2. Also, if you go to file your tax return electronically and the IRS alerts you that someone filed for your return using your Social Security number, then you have likely been a victim of identity theft.
3. Lastly, if the IRS sends you a letter stating that you have created a new online account and you know you didn’t do this, that is a dead giveaway that your identity may have been stolen.
Tax documents. (Kurt “CyberGuy” Knutsson)
MORE: THE URGENT PAYPAL EMAIL SCAM YOU CAN’T AFFORD TO IGNORE
Stay safe with these 8 tips from the Better Business Bureau
Tip 1 – File early
Filing early is one of the most sure-fire ways to keep yourself safe during tax season. If you file as soon as possible, there’s less of a chance someone can steal your identity by filing your taxes before you do. Always make sure to have all of your tax documents ready when you start to file.
Tip 2 – Know how the real IRS will contact you
The IRS doesn’t send emails, and their agents will never text you or contact you on social media. Typically, the IRS will only contact you through postage mail, but there is a chance that an IRS agent may perform an in-person visit, but only after confirming the visit via postage mail.
Tip 3 – Get an identity protection PIN (IP PIN) from the IRS
An easy way to add an extra layer of security to yourself is by getting an Identity Protection PIN, or IP-PIN, from the IRS. An IP-PIN is a six-digit number that the IRS uses to confirm your identity. It can help identify you even when someone nefarious has accessed your Tax ID and Social Security number. Signing up for an IP-PIN is easy and can be done online at IRS.gov, and the IRS will mail you a new IP-PIN after you opt-in every December.
Calculator and tax documents. (Kurt “CyberGuy” Knutsson)
MORE: BEWARE OF THE ‘SAY YES’ PHONE SCAM
Tip 4 – Know how the IRS accepts payments
The IRS never demands immediate payment and will never ask for a credit card number or bank information over the phone. Never, under any circumstances, pay any money to someone claiming to be an IRS agent asking for cryptocurrency, digital gift cards or wire transfers.
Tip 5 – Know the signs of fraud
If the IRS informs you that either your return has already been filed or that you received wages from an employer you aren’t familiar with, you need to visit an IRS office in person as soon as possible to ensure you haven’t fallen victim to fraud.
Tip 6 – Protect your information
Ensure you keep all documents related to your taxes in a secure location, such as a home filing cabinet or on a password-protected computer. Generally, never give out your Social Security number unless absolutely necessary.
Tip 7 – Only use secure filing websites
Always make sure you are accessing the real IRS website by checking that the URL is spelled correctly. Look for the lock symbol next to the URL in your browser’s search bar to tell you that your connection to the IRS’s website is secure.
Tip 8 – Report any suspected scams
If you receive a phone call or email asking for important tax information, hang up immediately. Report the call first to the IRS. Next, you should make a report to the Federal Communications Commission. Finally, head to the Better Business Bureau and report the scam to their scam tracker.
Person upset by what he sees. (Kurt “CyberGuy” Knutsson)
MORE: HOW SCAMMERS USE GOOGLE VOICE VERIFICATION CODES TO STEAL YOUR IDENTITY AND MONEY
5 things to do if you are a victim of identity theft
1. Complete IRS Form 14039, the Identity Theft Affidavit: This is the form that all victims of fraud have to fill out for the IRS. This will let them know that the person who is claiming to be you is a fraud. You can find the form on the IRS website.
2. Request a copy of the fraudulent tax return from the IRS: You can do this by going to this page on the IRS website on dealing with fraudulent returns and following the instructions to order a copy.
3. Alert national credit bureaus: Let the national bureaus like Experian, Equifax and TransUnion know that there has been fraud and place a freeze on your account so that the scammers cannot get to it.
4. Report the crime to the Federal Trade Commission: The FTC is there to help track down scammers, and your report can also help them keep a record of how many scams are happening in a single year so that they can better improve how to warn others. You should also report the crime to identitytheft.gov
5. Check your online bank accounts: Make sure there aren’t any suspicious transactions on any of your accounts.
A woman is upset while preparing her taxes. (Kurt “CyberGuy” Knutsson)
MORE: TOP WAYS TO SAFEGUARD AGAINST SOCIAL SECURITY NUMBER FRAUD
How can you protect yourself from tax-related identity theft?
Use an identity theft protection service: Identity theft companies can monitor personal information like your Social Security number (SSN), phone number and email address and alert you if it is being sold on the dark web or being used to open an account. They can also assist you in freezing your bank and credit card accounts to prevent further unauthorized use by criminals.
One of the best parts of using some services is that they might include identity theft insurance of up to $1 million to cover losses and legal fees and a white glove fraud resolution team where a U.S.-based case manager helps you recover any losses. See my tips and best picks on how to protect yourself from identity theft.
Have good antivirus software: The best way to protect yourself from clicking malicious links that install malware that may get access to your private information is to have antivirus protection installed on all your devices. This can also alert you of any phishing emails or ransomware scams. Get my picks for the best 2024 antivirus protection winners for your Windows, Mac, Android & iOS devices.
Kurt’s key takeaways
Going from winter into spring may seem like an intense time with scammers due to the tax season immediately following the holiday shopping season. However, the reality is that scammers work around the clock and are active all year. These tips from the Better Business Bureau are a helpful reminder of ways to keep yourself safe from scammers throughout the year.
How do you feel about the rise of AI-voice programs and their use in phone scams? Does it make you not even want to pick up the phone? Let us know by writing us at Cyberguy.com/Contact
For more of my tech tips & security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter
Ask Kurt a question or let us know what stories you’d like us to cover.
Answers to the most-asked CyberGuy questions:
Copyright 2024 CyberGuy.com. All rights reserved.
Anthropic is making it easier to switch to its Claude AI from other chatbots with an update that brings Claude’s memory feature to users on the free plan, along with a new prompt and dedicated tool for importing data from other chatbots. These upgrades could allow users who have been using rivals like OpenAI’s ChatGPT or Google’s Gemini to quickly copy the data their preferred AI has collected on them and bring it over to Anthropic’s chatbot. That way, they don’t have to “start over” teaching Claude the context and history their previous chatbot already knows.
The option to import and export memories from Claude has been available since October, when Anthropic also rolled out the option for users to turn on Claude’s memory. Up until now, the memory feature was only available to users on paid Claude subscriptions, but now all Claude users can turn it on by going into “settings” then “capabilities.” This menu is also where users can find the new memory importing tool, which has users copy a pre-written prompt into their previous AI then copy the output from that prompt back into Claude’s importing tool.
Anthropic is introducing the upgraded memory importing tool as Claude is seeing a rise in popularity, driven by tools like Claude Code and Claude Cowork. Last month, Anthropic launched its new Opus 4.6 and Sonnet 4.6 models, which the company says are better at coding and completing complex tasks like working through a spreadsheet or filling out forms.
Anthropic has also been experiencing a spike in attention recently after pushing back against demands from the Pentagon to loosen the guardrails on its AI models, with the company stating publicly that they drew “red lines” around mass surveillance and fully autonomous lethal weapons.
NEWYou can now listen to Fox News articles!
You trust your email security settings for a reason. So when an AI assistant quietly reads and summarizes messages marked confidential, that trust takes a hit.
Microsoft says a bug in Microsoft 365 Copilot allowed its AI chat feature to process sensitive emails since late January.
The issue bypassed Data Loss Prevention policies that organizations rely on to protect private information. Put simply, emails that were supposed to stay locked down were being summarized anyway.
Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts, and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide – free when you join my CYBERGUY.COM newsletter
Microsoft 365 Copilot’s work chat interface sits at the center of the issue after a bug allowed it to summarize confidential emails. (Microsoft)
Microsoft 365 Copilot bug summarized confidential emails
Microsoft says a coding error impacted Microsoft 365 Copilot Chat, specifically the “work tab” feature. The AI assistant helps business users summarize content, draft responses and analyze information across Word, Excel, PowerPoint, Outlook and OneNote.
Beginning Jan. 21, an internal bug labeled CW1226324 caused Copilot to read and summarize emails stored in Sent Items and Drafts folders.
The real concern runs deeper. Several of those messages carried confidentiality or sensitivity labels.
Companies apply those labels along with DLP policies to block automated systems from accessing restricted content. Despite those safeguards, Copilot still generated summaries.
We reached out to Microsoft, and a spokesperson provided CyberGuy with the following statement:
“We identified and addressed an issue where Microsoft 365 Copilot Chat could return content from emails labeled confidential authored by a user and stored within their Draft and Sent Items in Outlook desktop. This did not provide anyone access to information they weren’t already authorized to see. While our access controls and data protection policies remained intact, this behavior did not meet our intended Copilot experience, which is designed to exclude protected content from Copilot access. A configuration update has been deployed worldwide for enterprise customers.”
Why the Microsoft 365 Copilot bug matters for data security
AI tools feel helpful. They save time and reduce busy work. But they also rely on deep access to your data. When safeguards fail, even temporarily, sensitive content can move in ways you did not expect.
YOUR PHONE SHARES DATA AT NIGHT: HERE’S HOW TO STOP IT
For businesses, that could mean:
Legal discussions summarized outside intended controls
Financial projections processed despite restrictions
HR communications are exposed to automated analysis
Even if no data leaves the organization, the bypass itself raises concerns about how AI integrates with enterprise security systems.
Business users rely on Copilot to streamline work, but a recent bug raised concerns about how it handles sensitive email content. (Microsoft)
How Microsoft is fixing the Microsoft 365 Copilot bug
Microsoft says it began rolling out a fix in early February. The company continues to monitor deployment and is contacting some affected users to verify the fix works.
However, Microsoft has not provided a final timeline for full remediation. It has also not disclosed how many organizations were affected.
The issue is tagged as an advisory, which usually signals limited scope or impact. Still, many security professionals will want deeper clarity before feeling comfortable.
What this Microsoft 365 Copilot issue reveals about AI security
This incident highlights something many companies are wrestling with right now. AI assistants sit inside productivity platforms. They need access to email, documents and collaboration tools to work well.
TIKTOK AFTER THE US SALE: WHAT CHANGED AND HOW TO USE IT SAFELY
At the same time, those platforms contain your most sensitive information. When AI features expand quickly, security policies must evolve just as fast. Otherwise, even a small code mistake can create unexpected exposure.
The Copilot chat feature was designed to boost productivity, yet a code error let it process emails labeled confidential. (Microsoft)
Ways to stay safe after the Microsoft 365 Copilot bug
If your organization uses Microsoft 365 Copilot, here are practical steps to reduce risk:
1) Review Copilot access settings
Work with your IT team to confirm which folders and data sources Copilot can access.
2) Revalidate DLP policies
Test sensitivity labels and DLP (Data Loss Prevention) rules to ensure they block AI processing as intended.
3) Monitor advisory updates
Stay current on Microsoft service alerts and verify that the fix is fully deployed in your tenant.
4) Limit AI scope during investigations
If you have concerns, consider temporarily restricting Copilot features until verification is complete.
5) Train employees on AI boundaries
Remind staff that AI assistants can process drafts and send messages. Encourage careful handling of sensitive content.
6) Audit Copilot activity logs
Review audit logs to see whether Copilot accessed or summarized labeled emails. This helps determine actual exposure rather than assumed risk.
7) Review sensitivity label configuration
Confirm that confidential labels are configured to block AI processing where required. Misconfigured labels can create gaps even after a bug is fixed.
8) Reassess retention and draft policies
Because the issue involved Sent Items and Drafts, evaluate whether sensitive drafts should be stored long-term or deleted after sending.
9) Limit Copilot to specific user groups
Instead of enabling Copilot organization-wide, consider a phased deployment to departments with lower sensitivity exposure.
10) Conduct a post-incident security review
Use this moment to reassess how AI tools integrate with compliance controls. Treat it as a learning opportunity rather than a one-time glitch.
Pro Tip: This Copilot bug centers on enterprise controls. Even so, AI tools operate on your devices and accounts, so keeping software up to date and using strong antivirus software adds an important layer of defense. Get my picks for the best 2026 antivirus protection winners for your Windows, Mac, Android & iOS devices at Cyberguy.com
Considering a more private email provider
Enterprise AI bugs raise a bigger question: how much access should email platforms have to your data in the first place? If you want an added layer of privacy beyond mainstream providers, privacy-focused email services are worth exploring.
Some offer end-to-end encryption, support for PGP encryption and a strict no-ads business model that avoids scanning messages for marketing purposes.
AI WEARABLE HELPS STROKE SURVIVORS SPEAK AGAIN
Many also allow you to create disposable email aliases, which can reduce spam and limit exposure if one address is compromised.
While no provider is immune to software bugs, choosing an email service built around privacy rather than data monetization can limit how much of your information is accessible to automated systems in the first place.
For individuals, journalists and small businesses especially, that added control can make a meaningful difference.
For recommendations on private and secure email providers that offer alias addresses, visit Cyberguy.com
Kurt’s key takeaways
AI assistants are becoming part of daily work life. They promise speed, efficiency and smarter workflows. But convenience should never outrun security.
This Copilot bug may have a limited impact. Still, it serves as a reminder that AI tools are only as strong as the guardrails behind them.
When those guardrails slip, even briefly, sensitive information can move in unexpected ways. As AI becomes more embedded in business software, trust will depend on transparency, fast fixes and clear communication.
Here is the real question: If your AI assistant can see everything you write, are you fully confident it respects every boundary you set? Let us know by writing to us at Cyberguy.com
CLICK HERE TO DOWNLOAD THE FOX NEWS APP
Sign up for my FREE CyberGuy Report Get my best tech tips, urgent security alerts, and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide – free when you join my CYBERGUY.COM newsletter
Copyright 2026 CyberGuy.com. All rights reserved.
Related Article
Just days after showing off the Galaxy S26, Samsung is finally rolling out the ability for users to unlock their home with a tap of their phone or by simply approaching their door. The new feature, called Digital Home Key, will live inside Samsung Wallet and is powered by the Aliro smart home standard.
Samsung first teased its Digital Home Key feature in 2024 and said the feature would be available in 2025. That didn’t pan out, as the CSA’s Aliro standard — which will let users unlock smart locks with any phone — only arrived in February of this year. The new standard uses near-field communication (NFC) for its tap-to-unlock technology. It also supports ultra-wideband (UWB), giving users the ability to unlock their door as they approach and without pulling out their phone.
To add a Digital Home Key to your wallet, you’ll need to set up a compatible smart lock through SmartThings using Matter. Only some Galaxy smartphones support both NFC and UWB, including the Galaxy Z Fold 4 and up, as well as the Galaxy S22 Ultra and up. You can view the full list of compatible devices on Samsung’s website.
Trump claims US stockpiles mean wars can be fought ‘forever’; Kristi Noem testifies before Congress – US politics live
Ohio courtroom devolves into chaos after sentencing in death of teen
Travis County DA faces renewed ‘soft on crime’ criticism after career criminal charged with murder
Alleged criminal history of missing mom found after 24 years catches up with her
Millionaire philanthropist allegedly gunned down by worker in female wig; ambushes Maryland trooper: police
Florida High School Football Rankings: Top 25 teams – Oct. 21
Cleary's 21 help Le Moyne down Central Connecticut State 69-64 in OT
How old is Bo Nix? What to know about Oregon quarterback ahead of 2024 NFL Draft
99th annual Pony Swim held in Virginia
Indiana Members Credit Union announced as new anchor tenant at Bottleworks District
Trump claims US stockpiles mean wars can be fought ‘forever’; Kristi Noem testifies before Congress – US politics live
War in the Middle East: Iran’s broad retaliation in the Gulf • FRANCE 24 English
Trump sends official notification to Congress on strikes against Iran
Unexpected birth brings hope to near-extinct Amazon tribe
Supreme Court blocks redrawing of New York congressional map, dealing a win for GOP
-
World5 days agoExclusive: DeepSeek withholds latest AI model from US chipmakers including Nvidia, sources say
-
Massachusetts6 days agoMother and daughter injured in Taunton house explosion
-
Denver, CO6 days ago10 acres charred, 5 injured in Thornton grass fire, evacuation orders lifted
-
Louisiana1 week agoWildfire near Gum Swamp Road in Livingston Parish now under control; more than 200 acres burned
-
Oregon4 days ago2026 OSAA Oregon Wrestling State Championship Results And Brackets – FloWrestling
-
Technology1 week agoArturia’s FX Collection 6 adds two new effects and a $99 intro version
-
News1 week agoVideo: How Lunar New Year Traditions Take Root Across America
-
Florida2 days agoFlorida man rescued after being stuck in shoulder-deep mud for days