AI Tax Scams Surge as IRS Goes Fully Digital in 2026

As the Internal Revenue Service moves to fully digital tax operations in 2026, cybersecurity experts warn that the modernization effort is colliding with a surge in AI-driven fraud. The result is a rapidly expanding attack surface for identity theft, refund fraud, and impersonation scams.

In 2025, the IRS reported $10.59 billion in financial crime losses, with $4.5 billion tied directly to tax-related fraud. While the agency continues to strengthen its cybersecurity defenses, industry leaders say the weakest link is no longer federal infrastructure. It is the individual taxpayer.

The digitization of tax filing has streamlined processing and improved access. But it has also created new opportunities for criminals who now operate with automation, generative AI, and vast pools of scraped personal data.

Tony Jarjoura, CFO at Gigamon, says the economics of tax scams have fundamentally changed.

“AI is going to have a drastic impact on tax-related scams this year,” Jarjoura explains. “In the past, there were real barriers to entry for cybercriminals, including language limitations, technical skill gaps, and the challenge of gathering reliable personal information. AI removes those barriers, enabling threat actors to create highly convincing, hyper-personalized messages at little to no cost. As a result, we’re seeing scams that can impersonate trusted voices, replicate official-looking IRS emails, and generate polished tax documents that appear completely legitimate. What once required a coordinated criminal operation can now be carried out by a single individual using AI tools.”

In practical terms, that means phishing emails that look indistinguishable from official IRS correspondence. It means AI-generated tax forms with accurate branding and formatting. It also means deepfake voice calls that mimic a bank representative or tax preparer with unsettling precision.

Jarjoura says technology alone will not solve the problem. “These scams aren’t going away, in fact, they’re becoming easier to execute and harder to detect. The solution isn’t just better technology, but stronger awareness, clear and consistent training, and verification habits that encourage people to pause and evaluate before acting. This also means looking out for those around you, especially less savvy individuals who may be less familiar with these emerging risks. At the end of the day, if you’re ever unsure, don’t hesitate to directly contact the IRS, your tax professional, or your IT department directly for guidance.”

The convergence of tax season urgency and AI-powered impersonation creates what Greg Wetmore, Vice President of Product Development at Entrust, describes as a perfect storm.

“Tax season creates the perfect storm for fraud, heightening the urgency to share sensitive data such as Social Security numbers, income details, and banking information. The payoff for bad actors is high: a single successful scam can enable fraudsters to file a false return, steal a refund or even hijack someone’s identity for long-term financial fraud.”

Criminals exploit a predictable behavioral pattern. Taxpayers expect communication from the IRS or local tax authorities. Fraudsters insert themselves into that expectation with phishing emails, SMS messages, social posts, and spoofed websites that mimic legitimate tax portals.

“Taxpayers know the IRS and municipal tax offices will be reaching out to collect their information, and scammers exploit that trust,” Wetmore says. “Through phishing emails, texts, calls, and social media messages, they impersonate these credible authorities and direct victims to fake tax portals designed to harvest personal and financial data. Recent research shows fraudsters are using AI to scale and personalize their attacks as well, with injection attacks surging 40% year over year, and making it even harder for governments to distinguish what’s real.”

The sophistication of these attacks aligns with broader shifts in digital identity threats. Darryl Jones, VP of Product at Ping Identity, points to growing anxiety among consumers about how their personal data is handled.

“As tax season ramps up, consumers are facing a rapidly evolving threat landscape that puts sensitive financial and identity data at risk. The shift to digital tax filing, combined with the growing use of AI by cybercriminals, has made tax-related scams harder to spot and more convincing than ever. Phishing attempts impersonating trusted organizations, such as the IRS, continue to be a primary tactic, making it critical for individuals to verify the source of tax-related communications and avoid clicking on unsolicited links or attachments.”

Jones highlights a widening gap between concern and preparedness. “At the same time, concern around personal data security is clearly rising, as 75% of consumers say they are more worried about protecting their personal information today than they were five years ago. But concern alone isn’t enough. More than half of consumers (52%) report they don’t feel sufficiently informed or protected from scams by guidance from safety organizations or government institutions, underscoring a growing need for clearer education and stronger safeguards.”

Security vendors are pushing measures such as passwordless authentication, zero trust architectures, and privacy-preserving biometrics. But these enterprise-grade protections often sit outside the daily habits of individual taxpayers.

Sean Murphy, Senior Vice President at BECU, says emotional manipulation remains one of the most powerful attack vectors.

“Tax season is stressful for many, making it an ideal time for scammers to target unsuspecting and distracted taxpayers. Awareness is our first, and best, line of defense. Criminals often pose as the IRS, payroll companies, tax preparation services, or even trusted financial institutions in an effort to steal money and sensitive information.”

Murphy describes scenarios that increasingly blend technical sophistication with psychological pressure. “These schemes range from phishing emails, fake calls or texts, and social media messages to fraudulent tax filings using stolen identities, and they’re only becoming more sophisticated with the introduction of AI. Scammers can now use personal data to hyper-personalize emails and texts or create convincing AI-generated deepfakes, making scams harder than ever to spot. Picture this: you receive a convincing phone or video call from someone who sounds and acts exactly like a representative from your local bank branch They claim there’s an urgent tax-related issue with your account and pressure you to share passwords or authorize a wire transfer immediately.

It's not a clumsy scam—this impersonation is eerily accurate and emotionally manipulative. That’s because AI can scour the internet, piecing together your personal information from sources like Facebook and LinkedIn, then use it to create a realistic identity specifically designed to trick you. In the age of AI, the old advice ‘trust, but verify’ is now ‘verify, then trust’—because even your trusted financial advisor could be impersonated by an AI bot and algorithm with a really convincing story.”

The IRS digital transformation was designed to modernize services and reduce paper-based inefficiencies. But in the era of generative AI, every digital touchpoint becomes a potential spoofing opportunity.

The new reality of tax season in 2026 is not just about filing returns online. It is about defending a digital identity that criminals can now replicate, automate, and weaponize at scale.

For taxpayers, the most effective defenses remain low tech. Do not click links in unsolicited tax messages. Navigate directly to the official IRS website. Use verified phone numbers. Enable multi-factor authentication wherever possible. And when urgency is applied, pause.

In a fully digital tax ecosystem, that moment of hesitation may be the last line of defense.