By Dr. Sangeeta Chhabra
Tax season, even in the best of times, demands a lot of attention to clients, your processes, and everything that comes with it. This coming season, the stakes are higher than usual due to the rise in artificial intelligence-powered cyber threats.
According to the latest Microsoft Digital Defense Report, at least 52% of cyber incidents were driven by financial gain, while those focused solely on espionage accounted for just 4%. The growing use of AI has amplified this trend, enabling cybercriminals to accelerate malware development and generate realistic synthetic content, which increases the effectiveness of phishing, ransomware, and other social engineering attacks.
Not only that, the IRS’s latest alert highlights the rise of fake W-2 forms, spoofed e-filing emails, and identity theft attempts that closely mimic legitimate communications.
While such threats are not entirely new, they have matured and become more real, irrespective of whether you are a business, a professional, or an individual. So, what is an firm leader to do? Moreover, what should you be on the lookout for?
Recommended Articles
Taxes October 30, 2025
5 Steps to Make Tax Season Workflow Smoother
The new risks
Not too long ago, scam emails were easy to spot. They were full of spelling mistakes, odd phrases, and a general lack of polish. That’s not the case anymore. Now, online fraud has become more refined and far harder to detect. An academic study, Phishing Attacks in the Age of Generative Artificial Intelligence, shows how AI is being exploited to create phishing attacks, making them harder to detect. The people behind these attacks now rely on AI that can draft messages, engage in conversations, and even learn from our reactions.
Here are several examples of the types of attacks to be aware of now:
1. Deepfake audio: It is easier to impersonate someone by imitating their voice or creating deepfake videos. Don’t be fooled if you receive a voice clip with your tax advisor’s voice or a deepfake video with someone from your audit firm asking for sensitive information. It could be an AI-powered cyberattack.
2. Highly personalized phishing: While phishing has been around for years, AI has made it more sophisticated. The phishing email can now be very personalized using publicly available data from past filings. Add the urgency of tax filing season, and a slip-up becomes more likely.
3. Cloud document scams: Many fake websites that mimic prominent tax software vendors or tax audit portals mushroom during the tax season. These websites have embedded malware or credentials traps.
4. AI‑enabled credential harvesting and automated attacks: AI has made it easier, more economical, and efficient to scale up credential stuffing and customize phishing messages. All this makes people more vulnerable, especially during the tax season.
Implications for business professionals and tax teams:
- Reputation and trust: Any slip-up can tarnish reputation and lead to loss of credibility. This could even lead to audits.
- Operational disruption: Any breach could trigger safety protocols, leading to locking access to critical tax documents at a critical point in time, causing delays in filing.
- Regulatory/compliance risk: The adoption of AI-based tools by tax authorities can lead to even the smallest inconsistencies being flagged, which might have gone unnoticed in the past.
- Data sensitivity: Tax data contains rich, personal, and financial information ripe for theft.
Recommended Articles
Technology September 4, 2025
Key Steps to Improving Threat Prevention in Your Accounting Firm
How to stay one step ahead: Practical measures
Staying relatively secure against AI-driven attacks requires more than tools. It demands awareness, agility, and accountability across every level of your organization.
Here are a few actionable steps to strengthen your defenses this tax season:
1. Educate and train continuously: Cybersecurity begins with people. Regularly educate employees, clients, and partners about phishing, impersonation, and other social engineering tactics that exploit human trust. A well-informed team can recognize red flags and prevent breaches before they occur.
Recommended Articles
Technology April 1, 2024
Elevating Your Business Through Security Training
2. Strengthen authentication and access controls: Multifactor authentication (MFA) is no longer optional. Research by Microsoft shows that MFA can block more than 99.2% of account compromise attacks.
Every critical system should have MFA enabled, and access rights should be reviewed periodically to detect and correct weaknesses. Limiting privileges and monitoring logins can significantly reduce the likelihood of compromise.
3. Secure the document workflow: Tax data is among the most sensitive business information. Always encrypt tax documents, avoid sharing them via unprotected email, and rely only on verified and encrypted file-sharing platforms.
Hosting and sharing documents through a secure cloud environment adds a layer of protection by ensuring data is encrypted in transit and at rest, backed by continuous monitoring, access controls, and regular backups. Combine this with a zero-trust approach to every transaction to minimize risk and maintain complete data integrity.
4. Implement AI-aware security tools: AI is not just a weapon for attackers; it is also a powerful shield for defenders. Strengthen your security posture by deploying a managed endpoint detection and response (EDR) solution that offers email filters, behavior-based anomaly detection, and deepfake recognition tools that can identify and block threats in real time.
It continuously monitors endpoints across your business, detects abnormal activity, and responds to threats before they escalate. By leveraging managed EDR services, firms benefit from 24/7 protection, proactive threat hunting, and rapid incident containment without the complexity of managing these systems in-house.
5. Prepare a breach response and recovery plan: Even the most advanced tools cannot guarantee complete protection. Develop a clear Written Information Security Plan (WISP) that outlines how your IT, legal, and compliance teams will respond to incidents such as phishing or ransomware attacks.
Document roles, escalation paths, and communication protocols to enable the organization to respond quickly and minimize damage.
Recommended Articles
Technology October 16, 2025
Why Now’s the Time to Review Your WISP
6. Keep human oversight at the core: Automation cannot replace judgment. Human validation remains critical for reviewing alerts, verifying fund transfers, and approving sensitive actions. Encourage practices such as dual verification, independent audits, and periodic manual reviews to complement automated systems.
7. Build a culture of zero trust: In today’s evolving cyber landscape, every access request must be verified, and every device or user must continually earn trust. Organizations that embed this “never trust, always verify” mindset across departments create a resilient culture that technology alone cannot achieve.
8. Validate and monitor after filing: Once returns are filed, the process does not end. Continuous monitoring and document verification help detect anomalies or mismatched data that may trigger AI-based audit flags or fraudulent claims.
Protecting more than profits
The only way to stay ahead of cyberattacks next tax season is to move from a reactive mindset to a proactive security strategy. Always assume that someone, somewhere, is using AI to test your defenses. Your job is to stay one step ahead and ensure they fail.
Stay vigilant, stay informed, and remember that the smartest move this tax season is not just keeping your numbers right, but keeping your guard up.
ABOUT THE AUTHOR:
Dr. Sangeeta Chhabra, co-founder and executive director of Ace Cloud Hosting, is a leader and innovative entrepreneur with more than 20 years of experience in the IT sector. She has positioned the company as a leading global provider of IT and managed cloud services, celebrated for its QuickBooks hosting tailored for the accounting sector, managed security services, Desktop as a Service, and public cloud offerings for SMBs and enterprises. Under her leadership, Ace Cloud Hosting was honored as the Best Outsourced Technology Provider at the CPA Practice Advisor Readers’ Choice Awards 2023, among other accolades. Beyond her professional successes, Dr. Chhabra is a passionate advocate for women’s empowerment and is committed to fostering an inclusive environment at Ace Cloud Hosting.
Photo credit: Saksit Sangtong/iStock
Thanks for reading CPA Practice Advisor!
Subscribe Already registered? Log In
Need more information? Read the FAQs
