
CFE Success
February 16, 2026
Social Phishing: What It Is, Why It Matters, and How to Protect Yourself
Why Vigilance Matters Even More During Tax Season
Tax season is one of the busiest, and most vulnerable, times of year for individuals and businesses alike. There is a higher volume of emails, document sharing, payment activity, and time‑sensitive decisions, often under tight deadlines. Unfortunately, cybercriminals are well aware of this.
During tax season, clients rightly expect to hear from their accountant, advisor, payroll provider, or financial institution. Fraudsters take advantage of this increased activity and urgency by sending messages that look routine but are designed to deceive. Even small moments of distraction can lead to serious consequences.
That’s why awareness during tax season is especially important.
One of the fastest‑growing risks we are seeing is social phishing, also known as social engineering attacks.
What Is Social Phishing?
Social phishing is a form of fraud where scammers impersonate a trusted person or organization to manipulate you into sharing sensitive information or transferring funds.
These attempts can take many forms, including emails, phone calls, or text messages that appear to come from:
- Your accountant or financial advisor
- A business partner or colleague
- A financial institution
- A vendor or supplier
These messages often look and feel legitimate—because they’re designed to.
Why Social Phishing Is So Effective
Unlike traditional cyberattacks that focus on breaking through technical systems, social phishing targets human behavior.
Attackers use psychological tactics such as:
- Urgency: “This needs to be done immediately.”
- Authority: Pretending to be a senior leader, advisor, or trusted professional
- Familiarity: Referencing real names, projects, or recent activity
- Pressure or fear: Encouraging quick action before you have time to verify
Even experienced professionals can be caught off guard—particularly during high‑stress, high‑volume periods like tax season.
Common Types of Social Phishing Attacks
1. Email Phishing
Fraudulent emails that appear legitimate and may request:
- Passwords
- Financial information
- Payment approvals
2. Spear Phishing
Highly targeted messages customized specifically to you or your business, making them more difficult to detect.
3. Business Email Compromise (BEC)
An attacker impersonates a trusted contact—such as your accountant or CFO—and requests:
- Wire transfers
- Changes to payment instructions
- Urgent financial actions
4. Phone‑Based Scams (Vishing)
Fraudsters call pretending to represent a trusted organization, attempting to extract sensitive information or authorize transactions.
The Risks of Social Phishing
The potential impacts of these attacks can be serious and far‑reaching, including:
- Financial loss
- Data breaches
- Reputational damage
- Disruption to business operations
Unfortunately, once funds are transferred or information is shared, recovery can be extremely difficult.
How to Stay Vigilant
The good news is that a few simple habits can significantly reduce your risk.
1. Pause Before You Act
Be cautious of any communication that:
- Feels urgent
- Requests sensitive information
- Asks you to bypass established processes
2. Verify Requests Independently
If something seems off:
- Do not reply directly to the message
- Hang up and contact the individual or organization using a trusted phone number
3. Be Extra Careful With Payment Changes
Always verify:
- New banking details
- Changes to vendor payment instructions
- Unusual or last‑minute transfer requests
4. Review Email Details Closely
Watch for:
- Slight changes in email addresses
- Misspellings or unusual formatting
- Unexpected attachments or links
5. Limit Information Sharing
The less public information available about your business and internal processes, the harder it is for attackers to impersonate trusted contacts.
A Final Word
Cyber threats continue to evolve, but awareness remains your strongest defense.
Especially during tax season, taking an extra moment to confirm a request can prevent significant financial and personal loss. If something doesn’t feel right, trust your instincts.
Need Help?
If you receive a communication that seems unusual or suspicious, we encourage you to contact our team directly using a trusted phone number before taking any action.
We’re here to support you – and to help keep your information secure.


