Technology
How to protect your data from IRS scammers this tax season
Scammers try to impersonate everything and everyone. They email you pretending to be your boss and ask for money, call you claiming your Microsoft account has been hacked or send phishing links for fake package deliveries.
However, the most common type of impersonation scam occurs when bad actors pose as government agencies, especially the IRS.
The Treasury Inspector General for Tax Administration (TIGTA) is aware of this and has issued a new warning for 2025 about text messages impersonating the Internal Revenue Service. I will discuss everything you need to know to avoid this new tax scam and protect your personal information.
STAY PROTECTED & INFORMED! GET SECURITY ALERTS & EXPERT TECH TIPS – SIGN UP FOR KURT’S THE CYBERGUY REPORT NOW
A person working on their taxes (Kurt “CyberGuy” Knutsson)
The new IRS scam alert
To understand the new IRS scam, let’s first examine what it’s based on. The IRS has been sending out COVID-19 stimulus payments worth up to $1,400 to around 1 million tax filers who missed them. Initially, these payments were self-claimed, but now the IRS is automatically issuing them to ensure eligible taxpayers get what they’re owed.
This provision, known as the Recovery Rebate Credit, allows people to claim missed stimulus payments from 2021. If you were eligible but didn’t receive the funds, you can still claim them by filing a tax return by April 15, 2025. Payments will be deposited directly using the banking information listed on the taxpayer’s 2023 return or sent as a paper check.
However, TIGTA is warning that scammers are targeting taxpayers with fraudulent text messages, as reported by TaxAct. These fake texts claim that recipients will receive an Economic Impact Payment from the IRS and often ask for sensitive personal information, like bank account details or your Social Security number. Scammers use this information to steal your identity or financial data.
The IRS has made it clear that eligible taxpayers who didn’t claim the Recovery Rebate Credit on their 2021 tax return will receive their payments automatically; no action is required.
A woman working on her taxes (Kurt “CyberGuy” Knutsson)
BEST ANTIVIRUS FOR MAC, PC, IPHONES AND ANDROIDS – CYBERGUY PICKS
Spotting phishing scams is more important than ever
Most phones and PCs today have enough protections to keep bad actors at bay, so in almost every case, the only way anyone can access your device and data is if you give it to them. Hackers often send phishing links that impersonate a government agency, someone you know or a trusted brand, tricking you into clicking. Once you do, malware is installed on your device to quietly collect useful data and send it to the hackers. That’s why the most important part of staying safe online is knowing how to distinguish between legitimate and scam messages emails or calls. For example, you can easily tell if a communication is from the IRS or a scam by focusing on the following key factors.
- Type of communication: The IRS will never contact you via text for things like economic impact payments or financial information requests; they will send a letter or notice through mail or fax.
- Suspicious links: Government websites always end in “.gov,” while scam texts may contain links ending in “.com” or “.net.”
- Demands or threats: Be cautious of messages that create urgency or threats and look for any oddities or misspellings in the link as well.
WHAT IS ARTIFICIAL INTELLIGENCE (AI)?
Illustration of items used to prepare taxes (Kurt “CyberGuy” Knutsson)
THE HIDDEN COSTS OF FREE APPS: YOUR PERSONAL INFORMATION
10 ways to stay safe from scammers impersonating government agencies
1. Install strong antivirus software: As scammers increasingly impersonate government agencies like the IRS through phishing links and fake messages, installing strong antivirus software is crucial to protect yourself from these threats. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe. Antivirus software can detect and block suspicious links, warn you about potentially harmful websites and prevent malware from being installed on your device. Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices.
2. Always verify the authenticity of unsolicited communications: If you receive an unexpected email, text or phone call claiming to be from a government agency, it’s essential to confirm its authenticity. Scammers often create a sense of urgency to trick you into taking immediate action. To verify, always use official contact details from government websites. Avoid clicking any links in the message and reach out to the agency directly to confirm whether the communication is legitimate.
3. Reach out directly if you’re unsure: When you’re unsure about the legitimacy of a message or request, contact the government agency directly using verified contact details. Never respond to the message or click on any links within it. By calling or visiting the agency’s official website, you can ensure you’re communicating with authorized representatives and avoid scammers impersonating government officials.
4. Use strong, unique passwords to protect your accounts: One of the best ways to protect your sensitive information from scammers is by using strong, unique passwords for each of your accounts. Avoid using easily guessable passwords like “password123” or “qwerty.” Instead, create complex passwords that include a mix of uppercase and lowercase letters, numbers and special characters.
Also, consider using a password manager to keep track of your credentials and ensure you’re using different passwords for each account. Get more details about my best expert-reviewed password managers of 2025 here.
5. Monitor your tax account: Regularly check your IRS account at www.irs.gov to confirm the status of your tax return, verify that no unauthorized tax filings have occurred and update personal and contact information as needed.
6. Report suspicious tax-related activities immediately: If you suspect a scam or fraudulent activity, it’s crucial to report it to the relevant authorities right away. Whether you’ve received a suspicious message or believe your information has been compromised, reporting it helps prevent further harm. The IRS and other agencies have dedicated channels for reporting fraud, so take action as soon as you can to protect yourself and others from these schemes.
7. Invest in personal data removal services: Use a personal data removal service to remove your personal information from data broker and people-finder sites, which scammers often use to find phone numbers and email addresses. While no service promises to remove all your data from the internet, having a removal service is great if you want to constantly monitor and automate the process of removing your information from hundreds of sites continuously over a longer period of time. Check out my top picks for data removal services here.
8. Use direct deposit for refunds: This is the safest way to receive your tax refund, reducing the risk of mail theft, forgery or fraudulent check cashing.
9. Be wary of spoofed websites: Type the address of your actual tax prep site rather than clicking on a link from an email or advertisement. Investigate the domain before entering any confidential information.
10. Use an identity theft protection service: An identity theft protection service provides personal and financial monitoring and will try to help you if your identity is ever compromised. Identity theft companies can monitor personal information like your Social Security number, phone number and email address and alert you if it is being sold on the dark web or being used to open an account. They can also assist you in freezing your bank and credit card accounts to prevent further unauthorized use by criminals. See my tips and best picks on how to protect yourself from identity theft.
THE TAXING TRUTH: A STATE-BY-STATE ANALYSIS OF TAX TIME TRICKERY
Kurt’s key takeaway
Tax season is here, and with it comes an increase in scams impersonating the IRS and targeting taxpayers. The good news is these scams are often easy to spot. If you receive a text message from the IRS asking you to provide personal information, it’s a red flag; it’s not from them. Be especially cautious of any links included in the message. A legitimate URL will always end in “.gov.” However, scammers may try to trick you by altering the link slightly, so look closely for any misspellings or strange characters. If in doubt, always verify through official channels.
Do you think AI is making it easier for scammers to impersonate legitimate organizations like the IRS? Let us know by writing us at Cyberguy.com/Contact.
For more of my tech tips and security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter.
Alert: Malware steals bank cards and passwords from millions of devices.
Ask Kurt a question or let us know what stories you’d like us to cover.
Follow Kurt on his social channels:
Answers to the most-asked CyberGuy questions:
New from Kurt:
Copyright 2025 CyberGuy.com. All rights reserved.
Updates to [@]Grok Account
We have implemented technological measures to prevent the Grok account from allowing the editing of images of real people in revealing clothing such as bikinis. This restriction applies to all users, including paid subscribers.
Additionally, image creation and the ability to edit images via the Grok account on the X platform are now only available to paid subscribers. This adds an extra layer of protection by helping to ensure that individuals who attempt to abuse the Grok account to violate the law or our policies can be held accountable.
Geoblock update
We now geoblock the ability of all users to generate images of real people in bikinis, underwear, and similar attire via the Grok account and in Grok in X in those jurisdictions where it’s illegal.
NEWYou can now listen to Fox News articles!
Mac users often assume they’re safer than everyone else, especially when they stick to official app stores and trusted tools.
That sense of security is exactly what attackers like to exploit. Security researchers have now uncovered a fresh wave of malicious Mac extensions that don’t just spy on you, but can also steal cryptocurrency wallet data, passwords and even Keychain credentials. What makes this campaign especially concerning is where the malware was found, inside legitimate extension marketplaces that many people trust by default.
Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide – free when you join my CYBERGUY.COM newsletter.
Once active, GlassWorm targets passwords, crypto wallets, and even your macOS Keychain without obvious warning signs. (Cyberguy.com)
How malicious Mac extensions slipped into trusted stores
Security researchers at Koi Security uncovered a new wave of the GlassWorm malware hiding inside extensions for code editors like Visual Studio Code (via Bleeping Computer). If you’re not familiar with code editors, they’re tools developers use to write and edit code, similar to how you might use Google Docs or Microsoft Word to edit text. These malicious extensions appeared on both the Microsoft Visual Studio Marketplace and OpenVSX, platforms widely used by developers and power users.
FAKE AI CHAT RESULTS ARE SPREADING DANGEROUS MAC MALWARE
At first glance, the extensions looked harmless. They promised popular features like code formatting, themes or productivity tools. Once installed, though, they quietly ran malicious code in the background. Earlier versions of GlassWorm relied on hidden text tricks to stay invisible. The latest wave goes further by encrypting its malicious code and delaying execution, making it harder for automated security checks to catch.
Even though this campaign is described as targeting developers, you don’t need to write code to be at risk. If you use a Mac, install extensions or store passwords or cryptocurrency on your system, this threat still applies to you.
What GlassWorm does once it’s on your Mac
Once active, GlassWorm goes after some of the most sensitive data on your device. It attempts to steal login credentials tied to platforms like GitHub and npm, but it doesn’t stop there. The malware also targets browser-based cryptocurrency wallets and now tries to access your macOS Keychain, where many saved passwords are stored.
Researchers also found that GlassWorm checks whether hardware wallet apps like Ledger Live or Trezor Suite are installed. If they are, the malware attempts to replace them with a compromised version designed to steal crypto. That part of the attack isn’t fully working yet, but the functionality is already in place.
To maintain access, the malware sets itself up to run automatically after a reboot. It can also allow remote access to your system and route internet traffic through your Mac without you realizing it, turning your device into a quiet relay for someone else.
Some of the malicious extensions showed tens of thousands of downloads. Those numbers can be manipulated, but they still create a false sense of trust that makes people more likely to install them.
7 steps you can take to stay safe from malicious Mac extensions
Malicious extensions don’t look dangerous. That’s what makes them effective. These steps can help you reduce the risk, even when threats slip into trusted marketplaces.
1) Only install extensions you actually need
Every extension you install increases risk. If you’re not actively using one, remove it. Be especially cautious of extensions that promise big productivity gains, premium features for free or imitate popular tools with slightly altered names.
2) Verify the publisher before installing anything
Check who made the extension. Established developers usually have a clear website, documentation and update history. New publishers, vague descriptions or cloned names should raise red flags.
These malicious extensions looked like helpful tools but quietly ran hidden code once installed. (Cyberguy.com)
3) Use a password manager
A password manager keeps your logins encrypted and stored safely outside your browser or editor. It also ensures every account has a unique password, so if one set of credentials is stolen, attackers can’t reuse it elsewhere.
Next, see if your email has been exposed in past breaches. Our No. 1 password manager pick includes a built-in breach scanner that checks whether your email address or passwords have appeared in known leaks. If you discover a match, immediately change any reused passwords and secure those accounts with new, unique credentials.
Check out the best expert-reviewed password managers of 2026 at Cyberguy.com.
HOW HACKERS ARE BREAKING INTO APPLE DEVICES THROUGH AIRPLAY
4) Run strong antivirus software on your Mac
Modern macOS malware doesn’t always drop obvious files. Antivirus tools today focus on behavior, looking for suspicious background activity, encrypted payloads and persistence mechanisms used by malicious extensions. This adds a critical safety net when something slips through official marketplaces.
The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.
Get my picks for the best 2026 antivirus protection winners for your Windows, Mac, Android and iOS devices at Cyberguy.com.
5) Consider a personal data removal service
When your data leaks, it often spreads across data broker sites and breaches databases. Personal data removal services help reduce how much of your information is publicly available, making it harder for attackers to target you with follow-up scams or account takeovers.
While no service can guarantee the complete removal of your data from the internet, a data removal service is really a smart choice. They aren’t cheap, and neither is your privacy. These services do all the work for you by actively monitoring and systematically erasing your personal information from hundreds of websites. It’s what gives me peace of mind and has proven to be the most effective way to erase your personal data from the internet. By limiting the information available, you reduce the risk of scammers cross-referencing data from breaches with information they might find on the dark web, making it harder for them to target you.
Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting Cyberguy.com.
Get a free scan to find out if your personal information is already out on the web: Cyberguy.com.
6) Turn on two-factor authentication (2FA)
Enable 2FA wherever possible, especially for email, cloud services, developer platforms and crypto-related accounts. Even if a password is stolen, 2FA can stop attackers from logging in.
7) Keep macOS and your apps fully updated
Security updates close gaps that malware relies on. Turn on automatic updates so you’re protected even if you miss the headlines or forget to check manually.
Mac users often trust official app stores, but that trust is exactly what attackers are counting on. (Kurt “CyberGuy” Knutsson)
Kurt’s key takeaway
GlassWorm shows that malware doesn’t always come from shady downloads or obvious scams. Sometimes it hides inside tools you already trust. Even official extension stores can host malicious software long enough to cause real harm. If you use a Mac and rely on extensions, a quick review of what’s installed could save you from losing passwords, crypto or access to important accounts.
When was the last time you checked the extensions running on your Mac? Let us know by writing to us at Cyberguy.com.
CLICK HERE TO DOWNLOAD THE FOX NEWS APP
Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide – free when you join my CYBERGUY.COM newsletter.
Copyright 2026 CyberGuy.com. All rights reserved.
BMW teased its forthcoming all-electric M-series performance sedan today, promising that the quad-motor M3 sports car would feature specs that are truly next level when it arrives in 2027.
The M3 will have four electric motors and simulated gear shifting, a feature that is quickly becoming a must-have for electrified sports cars. BMW says the setup unlocks the benefits of both rear and all-wheel drive, with the ability to decouple the front axle.
The electric M3 will also be built on BMW’s Neue Klasse platform that promises more efficient batteries, lightning fast charging, and higher powered computers. The architecture will be 800-volt, the regenerative braking will be highly efficient, and if the camouflaged pictures are any indication, it will be a real looker on the streets.
Speaking of computers, the M3 will have four of them, unified under its oddly named “Heart of Joy” component that aggregates all the traction, stability, and electric motor management functions of the vehicle. That means when software updates are made available, the vehicle’s brain will be able to receive them over-the-air faster than BMW’s current processors.
The M3’s simulated gear shifting will feature a “newly developed soundscape” that “channels pure emotion.” Like other automakers, BMW is loath to alienate its loyal M-series customers by giving them all the torque but none of the gearing feedback. And now a fake “soundscape” will accompany all that shifting. Porsche, Hyundai, and Dodge are also on board the fake EV gear shifting bandwagon.
Photos capture new protests after second ICE shooting in Minneapolis
City-County Councilor Vop Osili announces 2027 Indianapolis mayoral bid
Pittsburgh permitting problems | How one daycare had to struggle to reopen its playground
Drive-thru flu-shot clinic taking place today in Augusta
House Passes Bill To Keep Blocking Washington, D.C. From Legalizing Marijuana Sales – Marijuana Moment
Florida High School Football Rankings: Top 25 teams – Oct. 21
Cleary's 21 help Le Moyne down Central Connecticut State 69-64 in OT
How old is Bo Nix? What to know about Oregon quarterback ahead of 2024 NFL Draft
99th annual Pony Swim held in Virginia
Video: ‘It Didn’t Have to Happen This Way:’ U.Va. Faculty Call for Review of Police Response to Protests
Hochul endorses legislation to allow New Yorkers to sue ICE agents: ‘Power does not justify abuse’
Iran reopens airspace after closure to most flights amid US attack threats
Trump says he’s been assured Tehran has stopped killing protesters as Iran reopens its airspace – live
Republicans light cigars, cigarettes on burning photos of Khamenei to show support for Iranian protesters
EU Parliament questions defence loan’s ‘€17 billion gift’ to Hungary
-
Montana5 days agoService door of Crans-Montana bar where 40 died in fire was locked from inside, owner says
-
Technology1 week agoPower bank feature creep is out of control
-
Delaware6 days agoMERR responds to dead humpback whale washed up near Bethany Beach
-
Dallas, TX7 days agoAnti-ICE protest outside Dallas City Hall follows deadly shooting in Minneapolis
-
Education1 week agoVideo: This Organizer Reclaims Counter Space
-
Virginia5 days agoVirginia Tech gains commitment from ACC transfer QB
-
Iowa1 week agoPat McAfee praises Audi Crooks, plays hype song for Iowa State star
-
Montana5 days ago‘It was apocalyptic’, woman tells Crans-Montana memorial service, as bar owner detained