Thursday, April 9, 2026

Each year around tax season, millions of people across the country begin checking their inboxes for important financial documents, including W-2 forms, 1098-T tuition statements, and tax preparation reminders. Attackers know this.

And every spring, they launch a new wave of scams designed to take advantage of the moment.

In this final installment of season of the phish, we look at how cybercriminals use tax season to steal personal and financial information.

Lesson 3: Tax and identity theft scams

Tax-related phishing messages often create a sense of urgency.

You may see messages claiming:

  • Your tax refund is ready for processing.
  • Immediate action required to verify tax information.
  • Updated W-2 or tax documentation available.
  • Account verification needed to release funds.

These emails often direct recipients to fake login pages or request sensitive information such as Social Security numbers, banking details, or login credentials.

Students, faculty, staff, and university contractors and collaborators can all be targets.

For students, the lure may involve tuition tax forms or financial aid documents. For employees, attackers may impersonate payroll or HR systems. For researchers and clinicians, messages may appear to come from external tax or accounting services. For contractors, messages may appear to come from university administration or purchasing.

Protecting your identity

The best defense is to remember a simple rule: Legitimate organizations will not ask for sensitive information through unexpected email requests.

Before responding to a tax-related email, consider:

  • Did I initiate this request?
  • Is the message asking for personal or financial data?
  • Does the link lead to an official university or government website?

If something doesn’t seem right, stop and verify before taking action.

Report suspicious messages

If you suspect something isn’t right, report it to the UI Phishing team, ITS Help Desk, or Information Security and Policy Office so the situation can be investigated quickly.

Early reporting allows our security team to investigate and reduce the risk to others across campus.

A final word from the season of the phish

Phishing attacks succeed because they mimic everyday activities--opening documents, working with vendors, or checking financial information.

The good news is that a moment of caution can make all the difference.

By pausing before clicking, verifying unusual requests, and reporting suspicious messages, members of the university community help keep our campus systems and each other safe.

Because in the season of the phish, awareness is the best defense.

Related service(s)
IT Security Information