Technology
Don’t fall for these sneaky tax scams that are out to steal your identity and money
Tax season isn’t fun for most people, but it can be downright miserable if you fall for a scam. This year, there’s been a noticeable uptick in scam callers impersonating IRS officials, and with the rise of AI-voice programs, these scams have become more convincing than ever.
The IRS flagged 2.4 million tax returns with refunds totaling roughly $13.8 billion for possible identity theft. Identity thieves use stolen information — like your SSN, name, address and more — to file fraudulent tax returns in your name.
Meanwhile, the Better Business Bureau’s (BBB) Scam Tracker collects reports on tax scams from the public. For scams reported as tax collection to BBB’s Scam Tracker in 2023, the median dollar loss was $2,100.
Here are some of the scams the BBB warns you to look out for this tax season.
CLICK TO GET KURT’S FREE CYBERGUY NEWSLETTER WITH SECURITY ALERTS, QUICK VIDEO TIPS, TECH REVIEWS AND EASY HOW-TO’S TO MAKE YOU SMARTER
“Tax time” post-it on tax documents. (Kurt “CyberGuy” Knutsson)
1. Phone scams
Scammers pretend to be someone from the IRS and call you to ask to make back payments or send over personal information that can’t be found in the IRS system. They often pressure you to act immediately, threatening arrest or fines if you don’t comply.
In 2024, phone scammers have gotten so sophisticated that they will create fake badge numbers, get a fake caller ID name that appears to be from the government or leave official-sounding robocalls with the help of AI voiceovers.
NEW IRS CRACKDOWN ON ‘HIGH-INCOME’ TAX CHEATS OWING HUNDREDS OF MILLIONS
2. Phishing email scams
Phishing emails are scam emails designed to get personal information from you. Scammers will text, email or even message you on social media, claiming to be an IRS agent, and they will send you a link to a fake IRS website designed to steal your Social Security number and other sensitive personal data. Always remember: the IRS will never communicate with you via email but instead by physical USPS mail.
A person preparing their tax documents. (Kurt “CyberGuy” Knutsson)
3. Signs of tax-related identity theft
1. If you try to file your tax return by mail and receive a letter from the IRS stating that they have already received a return in your name, that could mean your identity has been compromised.
2. Also, if you go to file your tax return electronically and the IRS alerts you that someone filed for your return using your Social Security number, then you have likely been a victim of identity theft.
3. Lastly, if the IRS sends you a letter stating that you have created a new online account and you know you didn’t do this, that is a dead giveaway that your identity may have been stolen.
Tax documents. (Kurt “CyberGuy” Knutsson)
MORE: THE URGENT PAYPAL EMAIL SCAM YOU CAN’T AFFORD TO IGNORE
Stay safe with these 8 tips from the Better Business Bureau
Tip 1 – File early
Filing early is one of the most sure-fire ways to keep yourself safe during tax season. If you file as soon as possible, there’s less of a chance someone can steal your identity by filing your taxes before you do. Always make sure to have all of your tax documents ready when you start to file.
Tip 2 – Know how the real IRS will contact you
The IRS doesn’t send emails, and their agents will never text you or contact you on social media. Typically, the IRS will only contact you through postage mail, but there is a chance that an IRS agent may perform an in-person visit, but only after confirming the visit via postage mail.
Tip 3 – Get an identity protection PIN (IP PIN) from the IRS
An easy way to add an extra layer of security to yourself is by getting an Identity Protection PIN, or IP-PIN, from the IRS. An IP-PIN is a six-digit number that the IRS uses to confirm your identity. It can help identify you even when someone nefarious has accessed your Tax ID and Social Security number. Signing up for an IP-PIN is easy and can be done online at IRS.gov, and the IRS will mail you a new IP-PIN after you opt-in every December.
Calculator and tax documents. (Kurt “CyberGuy” Knutsson)
MORE: BEWARE OF THE ‘SAY YES’ PHONE SCAM
Tip 4 – Know how the IRS accepts payments
The IRS never demands immediate payment and will never ask for a credit card number or bank information over the phone. Never, under any circumstances, pay any money to someone claiming to be an IRS agent asking for cryptocurrency, digital gift cards or wire transfers.
Tip 5 – Know the signs of fraud
If the IRS informs you that either your return has already been filed or that you received wages from an employer you aren’t familiar with, you need to visit an IRS office in person as soon as possible to ensure you haven’t fallen victim to fraud.
Tip 6 – Protect your information
Ensure you keep all documents related to your taxes in a secure location, such as a home filing cabinet or on a password-protected computer. Generally, never give out your Social Security number unless absolutely necessary.
Tip 7 – Only use secure filing websites
Always make sure you are accessing the real IRS website by checking that the URL is spelled correctly. Look for the lock symbol next to the URL in your browser’s search bar to tell you that your connection to the IRS’s website is secure.
Tip 8 – Report any suspected scams
If you receive a phone call or email asking for important tax information, hang up immediately. Report the call first to the IRS. Next, you should make a report to the Federal Communications Commission. Finally, head to the Better Business Bureau and report the scam to their scam tracker.
Person upset by what he sees. (Kurt “CyberGuy” Knutsson)
MORE: HOW SCAMMERS USE GOOGLE VOICE VERIFICATION CODES TO STEAL YOUR IDENTITY AND MONEY
5 things to do if you are a victim of identity theft
1. Complete IRS Form 14039, the Identity Theft Affidavit: This is the form that all victims of fraud have to fill out for the IRS. This will let them know that the person who is claiming to be you is a fraud. You can find the form on the IRS website.
2. Request a copy of the fraudulent tax return from the IRS: You can do this by going to this page on the IRS website on dealing with fraudulent returns and following the instructions to order a copy.
3. Alert national credit bureaus: Let the national bureaus like Experian, Equifax and TransUnion know that there has been fraud and place a freeze on your account so that the scammers cannot get to it.
4. Report the crime to the Federal Trade Commission: The FTC is there to help track down scammers, and your report can also help them keep a record of how many scams are happening in a single year so that they can better improve how to warn others. You should also report the crime to identitytheft.gov
5. Check your online bank accounts: Make sure there aren’t any suspicious transactions on any of your accounts.
A woman is upset while preparing her taxes. (Kurt “CyberGuy” Knutsson)
MORE: TOP WAYS TO SAFEGUARD AGAINST SOCIAL SECURITY NUMBER FRAUD
How can you protect yourself from tax-related identity theft?
Use an identity theft protection service: Identity theft companies can monitor personal information like your Social Security number (SSN), phone number and email address and alert you if it is being sold on the dark web or being used to open an account. They can also assist you in freezing your bank and credit card accounts to prevent further unauthorized use by criminals.
One of the best parts of using some services is that they might include identity theft insurance of up to $1 million to cover losses and legal fees and a white glove fraud resolution team where a U.S.-based case manager helps you recover any losses. See my tips and best picks on how to protect yourself from identity theft.
Have good antivirus software: The best way to protect yourself from clicking malicious links that install malware that may get access to your private information is to have antivirus protection installed on all your devices. This can also alert you of any phishing emails or ransomware scams. Get my picks for the best 2024 antivirus protection winners for your Windows, Mac, Android & iOS devices.
Kurt’s key takeaways
Going from winter into spring may seem like an intense time with scammers due to the tax season immediately following the holiday shopping season. However, the reality is that scammers work around the clock and are active all year. These tips from the Better Business Bureau are a helpful reminder of ways to keep yourself safe from scammers throughout the year.
How do you feel about the rise of AI-voice programs and their use in phone scams? Does it make you not even want to pick up the phone? Let us know by writing us at Cyberguy.com/Contact
For more of my tech tips & security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter
Ask Kurt a question or let us know what stories you’d like us to cover.
Answers to the most-asked CyberGuy questions:
Copyright 2024 CyberGuy.com. All rights reserved.
I never felt done with my Animal Crossing: New Horizons island. Despite playing every day for two years, and racking up 1,700 hours of playtime, I somehow never finished decorating. I had plenty of ideas for my island, sure, but actually implementing them was another story: The decorating and terraforming systems that helped make New Horizons a huge success are also slow, manual, and cumbersome, and my patience for decorating and redecorating had finally worn thin.
Fast-forward a few years, and a very much unexpected update is coming to finally fix some of those pain points. Update 3.0 is launching on January 15th, 2026, alongside the Switch 2 Edition of New Horizons. And while the paid Switch 2 upgrade has some nice-to-haves (like Joy-Con 2 mouse controls for indoor decorating), it’s the free update that brings all the key new features.
I recently attended a virtual preview for the New Horizons upgrade and update, and there are two caveats: I have not yet played either the Switch 2 version or the new free content myself, and it’s hard to gauge the quality of the Switch 2 version’s visual and performance improvements over a Zoom call. (I still have some unanswered questions about the biggest performance issues on the original Switch, like the choppy frame rate on more densely decorated islands.) But seeing the 3.0 additions in action, it was easy to imagine myself finishing my island — or at least an island.
As shown in the October announcement trailer, update 3.0 makes much-needed quality-of-life fixes. You’ll finally be able to craft multiple items at once, and crafting will pull materials from your overall storage instead of your pockets, meaning you won’t have to do a bunch of inventory management just to craft some decor. Then there’s Resetti’s Reset Service, which can help you clean up entire sections of your island instantly so you don’t have to pick everything up individually in order to redecorate. Some players also noticed a very subtle but potentially impactful change to movement while terraforming that should hopefully make it a smoother process. And then, as if to show off those decorating improvements, Nintendo also added Slumber Islands.
Not to be confused with dreams, New Horizons’ online island-sharing feature, Slumber Islands are extra sandboxes for you to decorate and play with, where you can set the time of day and the weather and magically conjure up any item you have in your in-game catalog to decorate with, similar to the Happy Home Paradise DLC. You can build bridges and inclines instantly by talking to Lloid, rather than going through Tom Nook and waiting (or time traveling) a day. And while it seems like terraforming works the same on Slumber Islands, the apparent addition of strafing while terraforming — instead of having to constantly reorient yourself manually — should help at least a little bit. (It’s the first thing I’m going to test on January 15th, that’s for sure.)
For me, the worst part of decorating in New Horizons was having an idea, ordering all the furniture I’d need for it over the course of days, testing out the design, realizing it did not look the way I envisioned, and facing the tedious process of breaking it all down and starting over again brick by brick — or, at the very least, having to push and pull objects around for a while to see if I could make it work. The design process I saw on Nintendo’s Slumber Island during the preview, meanwhile, seemed quicker and smoother. Trying out an idea or aesthetic in that environment doesn’t sound like such a tall order.
Without any hands-on time, I can’t say if it will actually be noticeably easier to design and decorate with the 3.0 update. But I’m excited by the idea that I can go to my Slumber Island scratch pad and try out my designs before committing to them (and the cost in bells to get it all done) on my main island. And maybe, if I really like how it feels to decorate, I’ll make an entire Halloween-themed Slumber Island — the kind of island I’ve wanted to make for years but never did on my main island, where the seasons continue to change and actively ruin the vibe.
NEWYou can now listen to Fox News articles!
Any data breach affecting 1.6 million people is serious. It draws even more attention when it involves a company trusted to guard passwords. That is exactly what happened to LastPass.
The UK Information Commissioner’s Office has fined LastPass about $1.6 million for security failures tied to its 2022 breach. Regulators say those failures allowed a hacker to access a backup database and put users at risk.
Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join my CYBERGUY.COM newsletter.
CHECK IF YOUR PASSWORDS WERE STOLEN IN HUGE LEAK
Why the LastPass breach still matters
LastPass is one of the most widely used password managers in the world. It serves more than 20 million individual users and around 100,000 businesses. That popularity also makes it an attractive target for cybercriminals.
The UK Information Commissioner’s Office fined LastPass for security failures tied to its 2022 breach. (LaylaBird/Getty Images)
In 2022, LastPass confirmed that an unauthorized party accessed parts of its customer information through a third-party cloud storage service. While the incident initially raised alarms, the long-term impact has taken time to fully surface.
The ICO now says the breach affected about 1.6 million UK users alone. That scope played a major role in the size of the fine.
What regulators say went wrong
According to the ICO, LastPass failed to put strong enough technical and security controls in place. Those gaps made it possible for attackers to reach a backup database that should have been better protected.
The regulator added that LastPass promises to help people improve security, but failed to meet that expectation. As a result, users were left exposed even if their passwords were not directly cracked.
Were passwords exposed or decrypted?
There is still no evidence that attackers decrypted customer passwords. That point matters.
Despite the breach, security experts continue to recommend password managers for most people. Storing unique, strong passwords in an encrypted vault is still far safer than reusing weak passwords across accounts.
As one expert noted, modern breaches often succeed after identity access rather than password cracking alone. Once attackers get a foothold, the damage can spread quickly.
Although attackers accessed a backup database, there is no evidence that customer passwords were decrypted. (Kurt “CyberGuy” Knutsson)
Why the LastPass fine is a wake-up call for cybersecurity
The ICO called the LastPass fine a turning point. It reinforces the idea that security is about governance, staff training and supplier risk as much as software.
Users have a right to expect that companies handling sensitive data take every reasonable step to protect it.
Breaches may be inevitable, but weak safeguards are not.
LastPass on the UK data breach
We reached out to LastPass for comment on the UK fine, and a spokesperson provided CyberGuy with the following statement:
“We have been cooperating with the UK ICO since we first reported this incident to them back in 2022. While we are disappointed with the outcome, we are pleased to see that the ICO’s decision has recognized many of the efforts we have already taken to further strengthen our platform and enhance our data security measures. Our focus remains on delivering the best possible service to the 100,000 businesses and millions of individual consumers who continue to rely on LastPass.”
MASSIVE DATA BREACH EXPOSES 184 MILLION PASSWORDS AND LOGINS
How to protect yourself after a password manager breach
Breaches like this are a reminder that security requires layers. No single tool can protect everything on its own.
1) Use a strong password manager correctly
Keep using a reputable password manager. Set a long, unique master password and enable two-factor authentication. Avoid reusing your master password anywhere else.
Next, see if your email has been exposed in past breaches. Our No. 1 password manager pick includes a built-in breach scanner that checks whether your email address or passwords have appeared in known leaks. If you discover a match, immediately change any reused passwords and secure those accounts with new, unique credentials.
Check out the best expert-reviewed password managers of 2025 at Cyberguy.com.
2) Rotate sensitive passwords
Change passwords for financial accounts, email accounts and work logins. Focus on services that could cause real damage if compromised.
3) Lock down your email
Your email account is the key to password resets. Use a strong password, two-factor authentication and recovery options you control.
4) Reduce your exposed personal data
Data brokers collect and sell personal information that criminals use for targeting. A data removal service can help reduce what is publicly available about you. While no service can guarantee the complete removal of your data from the internet, a data removal service is really a smart choice. They aren’t cheap, and neither is your privacy. These services do all the work for you by actively monitoring and systematically erasing your personal information from hundreds of websites. It’s what gives me peace of mind and has proven to be the most effective way to erase your personal data from the internet. By limiting the information available, you reduce the risk of scammers cross-referencing data from breaches with information they might find on the dark web, making it harder for them to target you.
Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting Cyberguy.com.
Get a free scan to find out if your personal information is already out on the web: Cyberguy.com.
The fine sends a warning to the entire cybersecurity industry. Companies that handle sensitive data must protect it with strong safeguards and oversight. (REUTERS/Andrew Kelly)
5) Watch for phishing attempts and use strong antivirus software
After major breaches, scammers follow. Be cautious of emails claiming urgent account problems or asking for verification details. The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.
Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices at Cyberguy.com.
6) Keep devices updated
Install updates for your operating system, browser and security tools. Many attacks rely on known vulnerabilities that updates already fix.
Kurt’s key takeaways
The fine against LastPass is about more than one company. It highlights how much trust we place in tools that manage our digital lives. Password managers remain a smart security choice. Still, this case shows why you should stay alert even when using trusted brands. Strong settings, regular reviews and layered protection matter more than ever. In the end, security works best when companies and we share the responsibility. Tools help, but habits and awareness finish the job.
CLICK HERE TO DOWNLOAD THE FOX NEWS APP
Do you believe companies are doing enough to protect user data, or should regulators step in more often? Let us know by writing to us at Cyberguy.com.
Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join my CYBERGUY.COM newsletter.
Copyright 2025 CyberGuy.com. All rights reserved.
It’s still hard to believe that Hollow Knight: Silksong actually came out this year, but now, we all have a new thing to wait for: the game is getting a free expansion in 2026, titled Sea of Sorrow. Team Cherry calls it the game’s “first big expansion.”
“New areas, bosses, tools, and more!” Team Cherry says in a blog post. “Hornet’s adventures continue in our nautically themed expansion, coming free for all players next year. We’ll keep further details a secret for now, but expect additional info shortly before Hollow Knight: Silksong – Sea of Sorrow releases.”
More than 7 million people bought Silksong, according to Team Cherry, and “millions more” played on Xbox Game Pass.
The original Hollow Knight is getting updated, too. Team Cherry is working on a Nintendo Switch 2 Edition of the game that “incorporates all the updates and enhancements that Silksong received on the platform: High frame-rate modes, higher resolutions, and many additional graphical effects.” Players who own the Switch version of the game will get the Nintendo Switch 2 Edition as a free update when it’s available in 2026.
Ahead of that launch, Team Cherry says it will be “updating all versions of the original game for current platforms, adding features and fixing bugs.” Those changes include “full 16:10 and 21:9 aspect ratio support for those of you with Steam Decks or ultrawide monitors,” and PC players can try the new updates in public beta.
Why Seattle Seahawks continue to impress Mark Schlereth
San Diego FC acquire Lewis Morgan from Red Bull New York | MLSSoccer.com
Brisa Do Mar restaurant in Milwaukee’s Third Ward has closed
Former Atlanta Hawks finance executive pleads guilty in $3.8M fraud case
Minneapolis man is third convicted in Coon Rapids triple murder
Florida High School Football Rankings: Top 25 teams – Oct. 21
Cleary's 21 help Le Moyne down Central Connecticut State 69-64 in OT
How old is Bo Nix? What to know about Oregon quarterback ahead of 2024 NFL Draft
99th annual Pony Swim held in Virginia
Video: ‘It Didn’t Have to Happen This Way:’ U.Va. Faculty Call for Review of Police Response to Protests
Video: Nick Reiner Talked Openly About His Addiction Struggles
Trump admin defends White House ballroom as national security matter
Venezuelan opposition leader Machado injured on covert Nobel Prize trip
Peace plans ready to be presented to Russia in days, says Zelenskyy
Video: Brown Student Has Survived Two School Shootings
-
Washington1 week agoLIVE UPDATES: Mudslide, road closures across Western Washington
-
Iowa1 week agoMatt Campbell reportedly bringing longtime Iowa State staffer to Penn State as 1st hire
-
Iowa2 days agoAddy Brown motivated to step up in Audi Crooks’ absence vs. UNI
-
Iowa3 days agoHow much snow did Iowa get? See Iowa’s latest snowfall totals
-
Miami, FL1 week agoUrban Meyer, Brady Quinn get in heated exchange during Alabama, Notre Dame, Miami CFP discussion
-
Cleveland, OH1 week agoMan shot, killed at downtown Cleveland nightclub: EMS
-
World1 week ago
Chiefs’ offensive line woes deepen as Wanya Morris exits with knee injury against Texans
-
Minnesota1 week agoTwo Minnesota carriers shut down, idling 200 drivers
