Technology
How to protect your data from IRS scammers this tax season
Scammers try to impersonate everything and everyone. They email you pretending to be your boss and ask for money, call you claiming your Microsoft account has been hacked or send phishing links for fake package deliveries.
However, the most common type of impersonation scam occurs when bad actors pose as government agencies, especially the IRS.
The Treasury Inspector General for Tax Administration (TIGTA) is aware of this and has issued a new warning for 2025 about text messages impersonating the Internal Revenue Service. I will discuss everything you need to know to avoid this new tax scam and protect your personal information.
STAY PROTECTED & INFORMED! GET SECURITY ALERTS & EXPERT TECH TIPS – SIGN UP FOR KURT’S THE CYBERGUY REPORT NOW
A person working on their taxes (Kurt “CyberGuy” Knutsson)
The new IRS scam alert
To understand the new IRS scam, let’s first examine what it’s based on. The IRS has been sending out COVID-19 stimulus payments worth up to $1,400 to around 1 million tax filers who missed them. Initially, these payments were self-claimed, but now the IRS is automatically issuing them to ensure eligible taxpayers get what they’re owed.
This provision, known as the Recovery Rebate Credit, allows people to claim missed stimulus payments from 2021. If you were eligible but didn’t receive the funds, you can still claim them by filing a tax return by April 15, 2025. Payments will be deposited directly using the banking information listed on the taxpayer’s 2023 return or sent as a paper check.
However, TIGTA is warning that scammers are targeting taxpayers with fraudulent text messages, as reported by TaxAct. These fake texts claim that recipients will receive an Economic Impact Payment from the IRS and often ask for sensitive personal information, like bank account details or your Social Security number. Scammers use this information to steal your identity or financial data.
The IRS has made it clear that eligible taxpayers who didn’t claim the Recovery Rebate Credit on their 2021 tax return will receive their payments automatically; no action is required.
A woman working on her taxes (Kurt “CyberGuy” Knutsson)
BEST ANTIVIRUS FOR MAC, PC, IPHONES AND ANDROIDS – CYBERGUY PICKS
Spotting phishing scams is more important than ever
Most phones and PCs today have enough protections to keep bad actors at bay, so in almost every case, the only way anyone can access your device and data is if you give it to them. Hackers often send phishing links that impersonate a government agency, someone you know or a trusted brand, tricking you into clicking. Once you do, malware is installed on your device to quietly collect useful data and send it to the hackers. That’s why the most important part of staying safe online is knowing how to distinguish between legitimate and scam messages emails or calls. For example, you can easily tell if a communication is from the IRS or a scam by focusing on the following key factors.
- Type of communication: The IRS will never contact you via text for things like economic impact payments or financial information requests; they will send a letter or notice through mail or fax.
- Suspicious links: Government websites always end in “.gov,” while scam texts may contain links ending in “.com” or “.net.”
- Demands or threats: Be cautious of messages that create urgency or threats and look for any oddities or misspellings in the link as well.
WHAT IS ARTIFICIAL INTELLIGENCE (AI)?
Illustration of items used to prepare taxes (Kurt “CyberGuy” Knutsson)
THE HIDDEN COSTS OF FREE APPS: YOUR PERSONAL INFORMATION
10 ways to stay safe from scammers impersonating government agencies
1. Install strong antivirus software: As scammers increasingly impersonate government agencies like the IRS through phishing links and fake messages, installing strong antivirus software is crucial to protect yourself from these threats. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe. Antivirus software can detect and block suspicious links, warn you about potentially harmful websites and prevent malware from being installed on your device. Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices.
2. Always verify the authenticity of unsolicited communications: If you receive an unexpected email, text or phone call claiming to be from a government agency, it’s essential to confirm its authenticity. Scammers often create a sense of urgency to trick you into taking immediate action. To verify, always use official contact details from government websites. Avoid clicking any links in the message and reach out to the agency directly to confirm whether the communication is legitimate.
3. Reach out directly if you’re unsure: When you’re unsure about the legitimacy of a message or request, contact the government agency directly using verified contact details. Never respond to the message or click on any links within it. By calling or visiting the agency’s official website, you can ensure you’re communicating with authorized representatives and avoid scammers impersonating government officials.
4. Use strong, unique passwords to protect your accounts: One of the best ways to protect your sensitive information from scammers is by using strong, unique passwords for each of your accounts. Avoid using easily guessable passwords like “password123” or “qwerty.” Instead, create complex passwords that include a mix of uppercase and lowercase letters, numbers and special characters.
Also, consider using a password manager to keep track of your credentials and ensure you’re using different passwords for each account. Get more details about my best expert-reviewed password managers of 2025 here.
5. Monitor your tax account: Regularly check your IRS account at www.irs.gov to confirm the status of your tax return, verify that no unauthorized tax filings have occurred and update personal and contact information as needed.
6. Report suspicious tax-related activities immediately: If you suspect a scam or fraudulent activity, it’s crucial to report it to the relevant authorities right away. Whether you’ve received a suspicious message or believe your information has been compromised, reporting it helps prevent further harm. The IRS and other agencies have dedicated channels for reporting fraud, so take action as soon as you can to protect yourself and others from these schemes.
7. Invest in personal data removal services: Use a personal data removal service to remove your personal information from data broker and people-finder sites, which scammers often use to find phone numbers and email addresses. While no service promises to remove all your data from the internet, having a removal service is great if you want to constantly monitor and automate the process of removing your information from hundreds of sites continuously over a longer period of time. Check out my top picks for data removal services here.
8. Use direct deposit for refunds: This is the safest way to receive your tax refund, reducing the risk of mail theft, forgery or fraudulent check cashing.
9. Be wary of spoofed websites: Type the address of your actual tax prep site rather than clicking on a link from an email or advertisement. Investigate the domain before entering any confidential information.
10. Use an identity theft protection service: An identity theft protection service provides personal and financial monitoring and will try to help you if your identity is ever compromised. Identity theft companies can monitor personal information like your Social Security number, phone number and email address and alert you if it is being sold on the dark web or being used to open an account. They can also assist you in freezing your bank and credit card accounts to prevent further unauthorized use by criminals. See my tips and best picks on how to protect yourself from identity theft.
THE TAXING TRUTH: A STATE-BY-STATE ANALYSIS OF TAX TIME TRICKERY
Kurt’s key takeaway
Tax season is here, and with it comes an increase in scams impersonating the IRS and targeting taxpayers. The good news is these scams are often easy to spot. If you receive a text message from the IRS asking you to provide personal information, it’s a red flag; it’s not from them. Be especially cautious of any links included in the message. A legitimate URL will always end in “.gov.” However, scammers may try to trick you by altering the link slightly, so look closely for any misspellings or strange characters. If in doubt, always verify through official channels.
Do you think AI is making it easier for scammers to impersonate legitimate organizations like the IRS? Let us know by writing us at Cyberguy.com/Contact.
For more of my tech tips and security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter.
Alert: Malware steals bank cards and passwords from millions of devices.
Ask Kurt a question or let us know what stories you’d like us to cover.
Follow Kurt on his social channels:
Answers to the most-asked CyberGuy questions:
New from Kurt:
Copyright 2025 CyberGuy.com. All rights reserved.
Apple’s App Store review has yet again let at least one unofficial mobile port of a hot new game show up on the store – this time, it’s Blue Prince.
In a joint post on Monday, Blue Prince’s developer, Dogubomb, and its publisher, Raw Fury, said that they have “received reports of games claiming to be Blue Prince on iOS.” Currently, the game is only available on Steam, Xbox, and PlayStation.
I easily found one iOS copy of the game just by searching Blue Prince on the App Store – it was the first search result. The icon looks like it would be the icon for a hypothetical mobile version of the game, the listing has screenshots that look like they’re indeed from Blue Prince, and the description for the game matches the description on Steam.
But on the iOS clone’s listing, the game’s seller is listed as “Samet Altinay,” and I can’t find any connection between this person and Blue Prince outside of this App Store listing. The copyright is also attributed to “DogBomb,” instead of Dogubomb.
I purchased this unofficial version of Blue Prince, which costs $9.99, and installed it on my iPhone 16 Pro to test it out. In a few minutes of playing, it appears to be a barely-modified version of the actual Blue Prince game, though with a few tweaks to make it better-suited for mobile, like a virtual joystick. I’ve also already run into a major bug: when I tried to walk through one of the doors from the Entrance Hall, I fell through the floor.
Apple didn’t immediately reply to a request for comment. According to the listing, this unofficial mobile port is the #8 paid app in the Entertainment category on iOS. But so far, it only has one three-star review, with the writer saying they also hit a bug that caused them to fall through the floor.
Dogubomb and Raw Fury have not officially announced an iOS port of Blue Prince. “We have no news about other platforms at this time, but if that changes we will make an official announcement,” they said in the post. “While we investigate we would kindly ask that you do not purchase or download these apps.”
Apple has previously allowed copycats of games like Wordle and Palworld to appear on the App Store.
Cybercriminals always find new ways to scam you, whether it’s mimicking a government agency, creating a fake website or delivering malware disguised as a software update. Just when you think you’ve seen it all, they come up with a new trick.
This time, the FBI has issued an alert: Hackers are using a “time-traveling” technique to bypass your device’s security measures. No, we’re not talking about actual time travel (though wouldn’t that be something?). This is a sophisticated cyberattack where hackers manipulate a system’s internal clock to sneak past security defenses.
Join The FREE “CyberGuy Report”: Get my expert tech tips, critical security alerts and exclusive deals, plus instant access to my free “Ultimate Scam Survival Guide” when you sign up.
A man working on his laptops (Kurt “CyberGuy” Knutsson)
What you need to know
The concept of “time-traveling hackers” refers not to literal time travel but to a sophisticated cyberattack technique where hackers manipulate a system’s internal clock to bypass security measures. This attack is reportedly tied to the Medusa ransomware gang.
In this type of attack, hackers exploit expired security certificates by altering the system date on a targeted device to a time when those certificates were still valid. For example, a security certificate that expired in, say, 2020 could be made usable again if the system’s clock is set back to 2019. This allows malicious software signed with these outdated certificates to be recognized as legitimate by the system, effectively “traveling back in time” from a security perspective.
This technique was notably used in the Medusa ransomware attacks, which targeted critical infrastructure and prompted an FBI cybersecurity advisory (AA25-071A) earlier in 2025. The campaign has affected over 300 critical infrastructure targets. The attackers combined this method with social engineering and exploited unpatched vulnerabilities, amplifying the threat.
The FBI has warned that such attacks pose a significant risk, as they can disable modern security protections like Windows Defender by tricking the system into accepting outdated drivers or software.
A woman working on her laptop and scrolling on her phone (Kurt “CyberGuy” Knutsson)
DOUBLECLICKJACKING HACK TURNS DOUBLE-CLICKS INTO ACCOUNT TAKEOVERS
What does the FBI recommend?
Traditional search and rescue tools, like rigid robots and specialized cameras, often struggle in disaster zones. Cameras follow only straight paths, forcing teams to cut through debris just to see further in. Rigid robots are vulnerable in tight, unstable spaces and expensive to repair when damaged. And manual probing is slow, exhausting and risks responder safety.
A man working on his laptop (Kurt “CyberGuy” Knutsson)
RELENTLESS HACKERS ABANDON WINDOWS TO TARGET YOUR APPLE ID
5 ways to stay safe from Medusa malware
1) Use strong antivirus software: A strong antivirus isn’t just for catching old-school viruses anymore. It can detect phishing links, block malicious downloads and stop ransomware before it gets a foothold. Since the Medusa gang uses fake updates and social engineering to trick users, having strong antivirus software adds a critical layer of protection against threats you might not see coming. Get my picks of the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices.
2) Enable two-factor authentication (2FA): The FBI specifically recommends enabling 2FA across all services, especially for high-value targets like webmail accounts, VPNs and remote access tools. 2FA makes it significantly harder for attackers to break in, even if they’ve managed to steal your username and password through phishing or other tactics.
3) Use strong, unique passwords: Many ransomware groups, including Medusa, rely on reused or weak passwords to gain access. Using a strong password (think long, random and unique to each account) greatly reduces that risk. A password manager can help you generate and store complex passwords so you don’t have to remember them all yourself. Get more details about my best expert-reviewed password managers of 2025 here.
4) Monitor for suspicious system time changes: The core of this “time-traveling” attack is clock manipulation: Hackers roll back a device’s clock to a time when expired security certificates were still valid. This allows outdated and potentially malicious software to appear trustworthy. Be alert to unexpected system time changes, and if you’re managing an organization, use tools that flag and log these types of configuration shifts.
5) Keep systems updated and patch known vulnerabilities: The Medusa ransomware campaign has a track record of exploiting unpatched systems. That means old software, outdated drivers and ignored security updates can all become entry points. Regularly installing updates for your OS, applications and drivers is one of the most effective ways to stay protected. Don’t put off those system notifications; they exist for a reason.
CLICKFIX MALWARE TRICKS YOU INTO INFECTING YOUR OWN WINDOWS PC
Kurt’s key takeaway
The Medusa attack is a good example of how cybercriminals are shifting tactics. Instead of relying on traditional methods like brute force or obvious exploits, they are targeting the basic logic that systems depend on to function. In this case, it is something as simple as the system clock. This kind of strategy challenges the way we think about security. It is not just about building stronger defenses but also about questioning the default assumptions built into the technology we use every day.
How do you think technology companies can better support individual users in protecting their data and devices? Let us know by writing us at Cyberguy.com/Contact.
For more of my tech tips and security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter.
Ask Kurt a question or let us know what stories you’d like us to cover.
Follow Kurt on his social channels:
Answers to the most-asked CyberGuy questions:
New from Kurt:
Copyright 2025 CyberGuy.com. All rights reserved.
A group of people sued Nike this week over its decision to wind down its virtual show project RTFKT last year. The buyers of the digital assets accuse Nike of causing “the rug to be pulled out from under them,” and say they wouldn’t have bought its NFTs if they’d known they were “unregistered securities,” reports Reuters.
Filed in New York’s Eastern District, the proposed class action lawsuit seeks “unspecified damages of more than $5 million for alleged violations of New York, California, Florida and Oregon consumer protection laws.”
Nike tried to jump into the NFT game by buying RTFKT in 2021. But, like Starbucks Odyssey, it never quite worked out and the company abandoned the idea, announcing in December via the RTFKT X account that it planned to “wind down RTFKT operations” by the end of January this year.
EU Commission seeks to bridge generation gap with 'fairness index'
Trump's 100-day report card. And, a student protester speaks from detention
Scott Peterson asks for murder conviction to be tossed, citing 'substantial new evidence'
ACLU of Indiana sues Trump admin, claims DHS violated rights of foreign students
Arizona to verify up to 50K people from voter rolls who failed to prove citizenship
Why Marjorie Taylor Greene was ‘kicked out’ of the Freedom Caucus according to Rep. Buck
Colorado Rockies game no. 116 thread: Zac Gallen vs José Ureña
See it: Tesla crashes into Columbus convention center at 70 mph
Fox News Politics: Georgia the whole day through
Death of missing Oregon girl found in stream ruled homicide
EU Commission seeks to bridge generation gap with 'fairness index'
Trump's 100-day report card. And, a student protester speaks from detention
Greg Casar Pitches a ‘Resistance 2.0’ for Democrats in the Age of Trump
US strikes kill hundreds of Houthi fighters, hit over 800 Red Sea targets: Central Command
Trump-China tariff war: Who’s winning so far?
-
Politics1 week agoVideo: Hegseth Attacks the Media Amid New Signal Controversy
-
News1 week agoHarvard would be smart to follow Hillsdale’s playbook. Trump should avoid Biden’s. | Opinion
-
Culture6 days agoNew Poetry Books That Lean Into Calm and Joy Amid Life’s Chaos
-
News1 week agoMaps: Where Do Federal Employees Work in America?
-
Technology1 week agoPete Hegseth reportedly spilled Yemen attack details in another Signal chat
-
Politics1 week agoPope Francis and US presidents: A look back at his legacy with the nation's leaders
-
World1 week agoNew Zealand’s minor gov’t party pushes to define women by biological sex
-
Politics1 week agoJD Vance has ‘exchange of opinions’ on issues like deportations during meeting with top Vatican official