The IRS has confirmed a significant increase in tax-related financial crimes in 2025, with total fraud losses reaching $106 billion. That's nearly a 16 percent rise from 2023, according to official figures.
While most of these losses affected individual tax refunds, businesses were also targeted — especially through impersonation scams that exploit trust in known government brands.
These scams tend to peak during tax season. Fraudsters impersonate the IRS, Treasury, or other agencies in emails, texts, and social media messages. Their aim is to trick recipients into disclosing financial data, clicking malicious links, or downloading malware. The full list of tactics is published in the IRS Dirty Dozen list.
Email impersonation tactics bypass standard controls
Scammers are increasingly using advanced spoofing to avoid detection. According to the IRS, they mimic IRS formats, spoof email display names, and link to real IRS web content to appear legitimate.
Messages may direct users to lookalike domains or malware-laden attachments disguised as tax forms. Some impersonate IRS contacts and create urgency with claims of overdue payments or pending refunds. These social engineering tactics often succeed when staff are busy or unaware of tax-season scams.
Financial and operational impact for finance teams
These scams create dual risks for finance leaders: reputational damage from vendor data breaches and financial loss from redirected or fraudulent payments.
Even if attackers initially target individuals, businesses can be affected. A single malicious link or shared credential may compromise payment workflows and expose vendor systems.
What finance leaders can do next
Accounts payable, finance, and treasury teams should take proactive steps now. Based on current IRS guidance, key actions include:
- Reviewing protocols for handling tax-related messages
- Training staff to avoid links in unsolicited IRS communications
- Reporting suspicious messages to phishing@irs.gov, as outlined in the IRS scam reporting guidelines
- Verifying all vendor banking changes outside of email channels
Even one mistake can expose critical payment processes to fraud.
Eftsure helps prevent email-based payment fraud
Eftsure helps finance leaders protect their organizations from impersonation scams. It validates vendor data, verifies payment details in real time, and monitors transactions for signs of fraud.
If a fraudster impersonates a vendor or government agency, Eftsure provides an independent verification layer to reduce risk before funds are released.
Book a demo
Scammers don't wait until you're ready. Get ahead of the risk today.
Book an Eftsure demo to see how real-time verification can protect your payments and vendors.
