By Tyler Moffitt, Senior Security Analyst, OpenText Cybersecurity.
Tax season is officially underway: a time when W-2s, Social Security numbers, bank details, and other sensitive information is being shared in high volumes. It’s one of the most data-intensive times of the year, and puts cybersecurity front and center for you and your clients.
As filing deadlines approach, cybercriminals look to exploit that same surge of sensitive financial information. And with AI making scams more convincing and harder to detect, clients need to be aware of evolving threats, from AI-generated phishing emails to refund diversion schemes that can put their personal and financial security at risk.
To stay protected this tax season, you should reinforce a few key safeguards with your clients:
- Think before you click. AI-powered phishing emails can closely mimic the IRS, tax software providers, or even client messages. Encourage clients to avoid clicking unexpected links or downloading unsolicited attachments in email.
- Encourage direct website access. Type official IRS and tax software URLs directly into browsers rather than clicking embedded links.
- Strengthen logins: Use strong and unique passwords across email, tax software, and payroll platforms. Avoid credential reuse.
- Use multi-factor authentication: MFA adds a critical layer of protection if credentials are ever compromised.
- Use secure client portals. Share and collect tax documents through encrypted portals instead of email attachments wherever possible rather than sending attachments by email.
Security during tax season is as much a client service issue as it is an IT concern. When clients trust your firm with their most sensitive financial information, they’re counting on you to help protect it. Consistent habits, clear communication, and access to the right tools are small steps that make a big difference in keeping your firm and your clients safe.
Tax season is demanding enough without a security incident disrupting filings or eroding client trust. Taking proactive steps helps ensure sensitive information stays protected from start to finish.
To stay informed on the latest security threats facing the tax industry, visit the IRS tax scam warning page for taxpayers.
Recommended Articles
===
Tyler Moffitt is a Senior Security Analyst and Community Manager at OpenText Cybersecurity. With more than 15 years of experience in threat analysis, he has worked directly with malware samples, developed antimalware intelligence, and helped improve the Webroot platform. Tyler now bridges threat research and cybersecurity marketing, translating real world threat data into reports, campaigns, and industry insights. He regularly presents through webinars, podcasts, conferences, and media interviews, and contributes to threat reports, whitepapers, and cybersecurity research initiatives.
Thanks for reading CPA Practice Advisor!
Subscribe Already registered? Log In
Need more information? Read the FAQs
