A $20 Billion Crypto Scam Market Faces a New Government Crackdown
Tax season is prime time for scammers. And in 2026, the scams are more convincing, more targeted, and increasingly powered by AI.
In this guide, we break down this year’s biggest tax scams from the IRS Dirty Dozen and show how tools like McAfee’s Scam Detector help flag malicious links, scan suspicious QR codes, and analyze risky messages across text, email, and social media to help you stay ahead of fraud.
The need for that kind of protection is clear. New McAfee research shows:
Tax scams are not just increasing. They are getting harder to recognize in the moment.
The IRS Dirty Dozen is the agency’s annual list of the most common and dangerous tax scams targeting individuals and businesses.
The 2026 list highlights a clear shift toward:
These scams are designed to create urgency, confusion, and quick decisions. That combination is what makes them effective.
Below is a full breakdown of all 12 scams identified by the IRS, along with what to look for and how protection tools can help.
| # | Scam Type | How It Works | Red Flags | How McAfee Helps |
|---|---|---|---|---|
| 1 | IRS impersonation (email, text, DM) | Messages claim to be from the IRS asking you to verify info or claim a refund | Urgent tone, links, QR codes, unexpected outreach | Scam Detector flags suspicious messages and links across text, email, and social. Safe browsing blocks fake IRS sites if you click |
| 2 | AI voice scams and robocalls | AI-generated calls mimic IRS agents or officials | Threats, payment pressure, spoofed caller ID | Scam Detector helps validate follow-up messages or links tied to the call. Identity monitoring helps detect if your info is being used in impersonation attempts |
| 3 | Fake charities | Scammers pose as charities to collect donations or data | Emotional appeals, vague organization details | Scam Detector flags suspicious donation links. Safe browsing blocks fraudulent charity sites. Personal Data Cleanup reduces exposure to targeting lists |
| 4 | Social media tax misinformation | Viral posts push fake deductions or “tax hacks” | Promises of large refunds or loopholes | Scam Detector’s screenshot analysis lets you check social posts and DMs before acting, helping identify misleading or risky claims |
| 5 | IRS account takeover scams | Criminals use stolen data to access IRS accounts | Alerts about account changes you didn’t initiate | Identity monitoring and alerts notify you if your data is exposed. Device security helps prevent malware used to steal credentials |
| 6 | Abusive capital gains schemes (Form 2439) | Fake or inflated claims tied to investment credits | Complicated filings tied to unfamiliar organizations | Scam Detector flags suspicious messages and links. Safe browsing blocks fraudulent filing sites tied to these schemes |
| 7 | Fake self-employment tax credit | Misleading claims about eligibility for large credits | “You qualify” messaging without verification | Safe browsing blocks scam sites attempting to capture personal or tax info |
| 8 | Ghost tax preparers | Preparers refuse to sign returns or provide credentials | No PTIN, vague business identity | Scam Detector helps assess suspicious messages or outreach. Identity monitoring adds protection if your data is shared with a bad actor |
| 9 | Non-cash donation schemes | Inflated valuations used to reduce tax liability | Unrealistic deductions, aggressive promoters | Scam Detector flags suspicious offers and links. Safe browsing blocks sites attempting to collect sensitive financial data |
| 10 | Overstated withholding scams | False income or withholding reported to inflate refunds | Encouragement to “boost” refund numbers | Scam Detector flags misleading content. Device security helps protect against malware tied to fake filing tools |
| 11 | Spear phishing targeting tax pros | Emails designed to steal client or business data | Unexpected document requests, attachments | Scam Detector detects phishing attempts. Safe browsing blocks malicious links. Device security helps prevent malware installs |
| 12 | Offer in Compromise scams | Companies overpromise tax debt relief and charge high fees | High-pressure sales tactics, guaranteed outcomes | Scam Detector flags suspicious outreach. Personal Data Cleanup reduces targeting. Identity monitoring helps catch misuse of your data |
Tax scams rarely rely on just one tactic. A message leads to a link. A link leads to a fake site. A fake site leads to stolen data or payment.
That is why protection needs to work across the full chain, not just one moment.
McAfee goes beyond traditional antivirus by combining multiple layers of digital protection into one app, helping you stay safer before, during, and after a scam attempt.
Here is how each layer helps:
Together, these protections help you do more than react to scams. They help you spot them earlier, avoid risky situations, and recover faster if something goes wrong.
The post How to Protect Yourself Against Tax Scams in 2026 appeared first on McAfee Blog.
Watching OpenClaw do its thing must be like watching the first plane take flight. It's a bit rickety and stuck together with a lot of sticky tape, but squint and you can see the potential for agentic AI to change the world as we know it. And I don't think that's hyperbolic. A lot of what people claim to have done with it is hyperbolic, and as with all new tech, the challenge is to cut through the noise and find the value. Stay tuned for more on that, as I've already found some really useful applications for it to help me do my job better, which I think I should devote my next weekly vid to.
A financially motivated data theft and extortion group is attempting to inject itself into the Iran war, unleashing a worm that spreads through poorly secured cloud services and wipes data on infected systems that use Iran’s time zone or have Farsi set as the default language.
Experts say the wiper campaign against Iran materialized this past weekend and came from a relatively new cybercrime group known as TeamPCP. In December 2025, the group began compromising corporate cloud environments using a self-propagating worm that went after exposed Docker APIs, Kubernetes clusters, Redis servers, and the React2Shell vulnerability. TeamPCP then attempted to move laterally through victim networks, siphoning authentication credentials and extorting victims over Telegram.
A snippet of the malicious CanisterWorm that seeks out and destroys data on systems that match Iran’s timezone or have Farsi as the default language. Image: Aikido.dev.
In a profile of TeamPCP published in January, the security firm Flare said the group weaponizes exposed control planes rather than exploiting endpoints, predominantly targeting cloud infrastructure over end-user devices, with Azure (61%) and AWS (36%) accounting for 97% of compromised servers.
“TeamPCP’s strength does not come from novel exploits or original malware, but from the large-scale automation and integration of well-known attack techniques,” Flare’s Assaf Morag wrote. “The group industrializes existing vulnerabilities, misconfigurations, and recycled tooling into a cloud-native exploitation platform that turns exposed infrastructure into a self-propagating criminal ecosystem.”
On March 19, TeamPCP executed a supply chain attack against the vulnerability scanner Trivy from Aqua Security, injecting credential-stealing malware into official releases of its GitHub Action. Aqua Security said it has since removed the harmful files, but the security firm Wiz notes the attackers were able to publish malicious versions that harvested SSH keys, cloud credentials, Kubernetes tokens and cryptocurrency wallets from users.
Over the weekend, the same technical infrastructure TeamPCP used in the Trivy attack was leveraged to deploy a new malicious payload that executes a wiper attack if the host’s time zone and locale are determined to correspond to Iran, said Charlie Eriksen, a security researcher at Aikido. In a blog post published on Sunday, Eriksen said if the wiper component detects that the victim is in Iran and has access to a Kubernetes cluster, it will destroy data on every node in that cluster.
“If it doesn’t it will just wipe the local machine,” Eriksen told KrebsOnSecurity.
Image: Aikido.dev.
Aikido refers to TeamPCP’s infrastructure as “CanisterWorm” because the group orchestrates its campaigns using an Internet Computer Protocol (ICP) canister — a system of tamperproof, blockchain-based “smart contracts” that combine both code and data. ICP canisters can serve Web content directly to visitors, and their distributed architecture makes them resistant to takedown attempts. These canisters will remain reachable so long as their operators continue to pay virtual currency fees to keep them online.
Eriksen said the people behind TeamPCP are bragging about their exploits in a group on Telegram and claim to have used the worm to steal vast amounts of sensitive data from major companies, including a large multinational pharmaceutical firm.
“When they compromised Aqua a second time, they took a lot of GitHub accounts and started spamming these with junk messages,” Eriksen said. “It was almost like they were just showing off how much access they had. Clearly, they have an entire stash of these credentials, and what we’ve seen so far is probably a small sample of what they have.”
Security experts say the spammed GitHub messages could be a way for TeamPCP to ensure that any code packages tainted with their malware will remain prominent in GitHub searches. In a newsletter published today titled GitHub is Starting to Have a Real Malware Problem, Risky Business reporter Catalin Cimpanu writes that attackers often are seen pushing meaningless commits to their repos or using online services that sell GitHub stars and “likes” to keep malicious packages at the top of the GitHub search page.
This weekend’s outbreak is the second major supply chain attack involving Trivy in as many months. At the end of February, Trivy was hit as part of an automated threat called HackerBot-Claw, which mass exploited misconfigured workflows in GitHub Actions to steal authentication tokens.
Eriksen said it appears TeamPCP used access gained in the first attack on Aqua Security to perpetrate this weekend’s mischief. But he said there is no reliable way to tell whether TeamPCP’s wiper actually succeeded in trashing any data from victim systems, and that the malicious payload was only active for a short time over the weekend.
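Both Trivy incidents described above turn on how a workflow references third-party actions and how it treats untrusted pull requests: a release tag or branch that an attacker can repoint is fetched as-is by every consumer, and a misconfigured trigger hands a PR author the repository's token. The following auditor is an added example, not code from KrebsOnSecurity, Aikido, Aqua Security, Wiz or Risky Business. It flags every `uses:` reference that is not pinned to a full 40-character commit SHA, and the "pwn request" shape in which a `pull_request_target` workflow checks out the PR head or runs with write permissions. The sample workflow, the `example-org/...` action names and the 40-hex SHA in it are constructed placeholders. Parsing is line-oriented on purpose so the script has no dependency beyond the standard library; it is a triage check, not a full YAML parser.

```python
"""Audit GitHub Actions workflow text for two supply-chain weaknesses.

Added example, not code from the article or from any project it names.
Line-oriented parsing on purpose (no PyYAML dependency); it is a triage
tool, not a full YAML parser.
"""
import re
from pathlib import Path

FULL_SHA = re.compile(r"^[0-9a-f]{40}$")
USES_LINE = re.compile(r"^\s*-?\s*uses:\s*['\"]?([^\s'\"#]+)")
PR_HEAD_REF = re.compile(r"github\.event\.pull_request\.head\.(sha|ref)")
PRT_TRIGGER = re.compile(r"\bpull_request_target\b")
WRITE_PERM = re.compile(r"^\s*(permissions:\s*write-all|[a-z-]+:\s*write)\s*$")


def strip_comments(text: str) -> str:
    """Blank out YAML comments line by line so line numbers are preserved."""
    return "\n".join(re.sub(r"(^|\s)#.*$", "", line) for line in text.splitlines())


def unpinned_actions(text: str) -> list[tuple[int, str, str]]:
    """Return (line_no, uses_spec, reason) for each remote action whose ref is
    not a full 40-hex commit SHA. A tag or branch can be moved to a malicious
    commit after the fact; a SHA cannot."""
    findings = []
    for no, line in enumerate(strip_comments(text).splitlines(), start=1):
        m = USES_LINE.match(line)
        if not m:
            continue
        spec = m.group(1)
        if spec.startswith(("./", "docker://")):
            continue  # local composite action or container image: different pinning rules
        _, _, ref = spec.partition("@")
        if not ref:
            findings.append((no, spec, "no ref at all"))
        elif not FULL_SHA.match(ref):
            findings.append((no, spec, f"mutable ref '{ref}'"))
    return findings


def pwn_request_risks(text: str) -> list[str]:
    """Flag the 'pwn request' shape: pull_request_target (which runs with the
    base repo's secrets) combined with checking out the untrusted PR head
    and/or write permissions for the workflow token."""
    clean = strip_comments(text)
    if not PRT_TRIGGER.search(clean):
        return []
    risks = []
    if PR_HEAD_REF.search(clean):
        risks.append("pull_request_target checks out the untrusted PR head")
    if any(WRITE_PERM.match(line) for line in clean.splitlines()):
        risks.append("pull_request_target runs with write permissions")
    return risks


def audit_workflow(text: str) -> dict:
    """Run both checks over one workflow file's contents."""
    return {"unpinned": unpinned_actions(text), "pwn_request": pwn_request_risks(text)}


def audit_file(path: str) -> dict:
    """Convenience wrapper for a workflow on disk, e.g. .github/workflows/ci.yml."""
    return audit_workflow(Path(path).read_text(encoding="utf-8"))


# Constructed sample, not from any real repository. 'example-org/...' actions
# are hypothetical and the 40-hex SHA is a placeholder, not a real commit.
SAMPLE_WORKFLOW = """\
name: ci
on:
  pull_request_target:
    types: [opened, synchronize]
permissions: write-all
jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          ref: ${{ github.event.pull_request.head.sha }}
      - uses: example-org/scanner-action@main   # floating branch
      - uses: example-org/scanner-action@v0.2.1
      - uses: example-org/setup-tool@0123456789abcdef0123456789abcdef01234567
      - uses: ./.github/actions/local-helper
      - uses: docker://alpine:3.19
"""

if __name__ == "__main__":
    report = audit_workflow(SAMPLE_WORKFLOW)
    for no, spec, why in report["unpinned"]:
        print(f"line {no}: {spec}: {why}")
    for risk in report["pwn_request"]:
        print(f"RISK: {risk}")
```

On the sample, the auditor reports lines 10, 13 and 14 as unpinned and two pwn-request risks. Note that a version-looking tag such as `v0.2.1` is flagged just like `main`: a tag is a mutable pointer, which is exactly what makes a compromised release under an official name dangerous to every consumer that references it by tag. Pinning to a SHA does not stop a maintainer's account from being compromised, but it does stop a repointed tag from reaching your pipeline until someone deliberately bumps the pin.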
“They’ve been taking [the malicious code] up and down, rapidly changing it, adding new features,” Eriksen said, noting that when the malicious canister wasn’t serving up malware downloads it was pointing visitors to a Rick Roll video on YouTube.
“It’s a little all over the place, and there’s a chance this whole Iran thing is just their way of getting attention,” Eriksen said. “I feel like these people are really playing this Chaotic Evil role here.”
Cimpanu observed that supply chain attacks have increased in frequency of late as threat actors begin to grasp just how efficient they can be, and his post documents an alarming number of these incidents since 2024.
“While security firms appear to be doing a good job spotting this, we’re also gonna need GitHub’s security team to step up,” Cimpanu wrote. “Unfortunately, on a platform designed to copy (fork) a project and create new versions of it (clones), spotting malicious additions to clones of legitimate repos might be quite the engineering problem to fix.”
Update, 2:40 p.m. ET: Wiz is reporting that TeamPCP also pushed credential stealing malware to the KICS vulnerability scanner from Checkmarx, and that the scanner’s GitHub Action was compromised between 12:58 and 16:50 UTC today (March 23rd).