Your 2020 tax scam training guide

Tyler Schultz
January 4, 2020 by
Tyler Schultz

Hold on to your W-2s and returns because tax season is here! As if deductions, exemptions and return distribution wasn’t enough, tax season becomes open season for cybercriminals hunting for sensitive information, credentials and even a direct deposit of your employees’ tax returns.

To help you prepare your employees and protect your organization from the upcoming tax season scams, we compiled our top tax season phishing templates and training recommendations plus a free phishing poster and email template to help you communicate the importance of tax season security for every employee at your organization.

Two year's worth of NIST-aligned training

Two year's worth of NIST-aligned training

Deliver a comprehensive security awareness program using this series' 1- or 2-year program plans.

Is your organization susceptible to phishing attacks? Find out today with a free Phishing Risk Test!

Run Free Test

Jump ahead

Tax season phishing templates

Each of the following phishing templates are available in the Infosec IQ security awareness and training platform, allowing you to launch a simulated phishing campaign to test employees and deliver training to those who need it most.

1. W-2 attachment attack

Attack type: Attachment

Attack objective: Deliver malware

Infosec IQ template option: Tax forms - Attachment w/ drive-by link (Attachment)

W-2 phishing attacks come in many shapes and sizes and often strike in January, when employees are waiting to receive their W-2 from their employer. In this phishing email, the attacker baits the victim into clicking a malicious link or downloading a malicious attachment to install malware on their machine.

2. W-2 business email compromise (BEC) attack

tax season phishing templateAttack type: BEC

Attack objective: Steal employee or organization information

Infosec IQ template option: W-2 Request (BEC)

In this W-2 attack, the scammer poses as a manager or executive and targets HR staff to steal the W-2s and personal information of employees. With this BEC attack, the scammer doesn’t need access to a network or business systems. Instead, they only need the victim to reply to the email with the requested information.

3. Free online access to tax forms

Attack type: Drive by or data entry

Attack objective: Steal employee information or credentials

Infosec IQ template option: Tax Form Management Access (Drive by)

Generic offers to access your tax documents are another popular phishing tactic used to redirect victims to a malicious website. These attacks may also redirect the victim to a spoofed login page to steal the victim’s personal information such as their social security number.

4. Tax preparation software drive by

Attack type: Drive by

Attack objective: Redirect to malicious site

Infosec IQ template option: H&R Block - File Your Taxes (Drive by)

Some scams approach tax season from the opposite direction by impersonating tax preparation software, services or CPAs. These attacks work like most common drive by attacks, but leverage tax season to create urgency with short-term or extravagant offers.

5. Tax return credential theft

Attack type: Drive by or data entry

Attack objective: Steal employee information or credentials

Infosec IQ template option: TurboTax - Return Accepted (Drive by)

In an even more sinister variation to tax preparation scams, some hackers attempt to steal login credentials to access victims’ tax software accounts. Once gaining access, attackers can retrieve personal information and documents or interfere with the victim’s filing process or tax return.

6. IRS tax notice

Attack type: Attachment, drive by or BEC

Attack objective: Steal employee information or credentials

Infosec IQ template option: Tax Notice (Drive by)

Although the IRS insists it will never contact taxpayers via email, text message or social media, scammers continue to use these tactics to trick victims into clicking malicious links, downloading attachments or even sending payments. Although these attacks peak during tax season, they are frequently used year-round.

Get the Templates

Training recommendations

Phishing In Brief

An abbreviated version of our core phishing training, this module will introduce learners to the concept of phishing, teach them how to quickly identify phishing messages and show them how to verify whether or not a message is legitimate.

Social Engineering Brief

This module walks learners through the key components of social engineering and how to recognize and respond to suspicious requests.


This interactive training module covers voice phishing, or vishing, a simple but effective technique cyber criminals and scam artists use to collect confidential information.


Spearphishing occurs when phishing messages are tailored for targeted individuals. This interactive module will help teams identify and avoid spearphishing attempts.

Malware Brief

An abbreviated version of our core malware training, this module focuses on three key ways to prevent malware infections, details common sources of malware infections and discusses methods to help users avoid unsafe files.

Preview Training Modules

phishing poster

Phishing attack type poster

Reinforce phishing training offline with this free poster covering common phishing attack types including tax scams.

Download Free

Internal communication template

Communicate the importance of cybersecurity during tax season to every employee with this email template.

Phishing simulations & training

Phishing simulations & training

Build the knowledge and skills to stay cyber secure at work and home with 2,000+ security awareness resources. Unlock the right subscription plan for you.

Download Free

Together, let’s stay cybersecure this tax season!

Tyler Schultz
Tyler Schultz

Tyler Schultz is a marketing professional with over seven years of experience delivering SaaS solutions to organizations of all sizes. As a product marketing manager at Infosec, he is dedicated to helping organizations build strong cybersecurity cultures and meet their security awareness goals. He helps the Infosec team push the boundaries of effective and engaging security awareness training with a focus on experiential learning, gamification, microlearning and in-the-moment training. Tyler is a UW-Madison and UW-Whitewater graduate and Certified Security Awareness Practitioner (CSAP).