216.73.216.86

Security brief: tax scams aim to steal funds from taxpayers

· Published 30/03/2026 11:16 · Modified 30/03/2026 10:12

Export JSON

Essential information

Published
30/03/2026 11:16
Modified
30/03/2026 10:12
Source / Author
AlienVault
Confidence
100/100
Report type(s)
threat-report
Labels / Tags
bec credential theft irs impersonation phishing rmm social engineering tax scams valleyrat winos4.0
Tags
2026-03-30 bec credential-theft irs impersonation phishing rmm social engineering tax scams valleyrat winos4.0
Related entities
15 indicators, 15 observables, 15 techniques (mitre), 2 malware, 11 others

Description

Threat actors are exploiting tax season with numerous campaigns leveraging tax themes to deliver malware, remote monitoring tools, fraud attempts, and credential . Over a hundred campaigns have been observed in 2026, with a notable increase in remote monitoring and management () payloads. Tactics include impersonating tax agencies, claiming expired documents, and requesting tax filing support. While primarily targeting the United States, campaigns have also been observed in Canada, Australia, Switzerland, and Japan. Notable actors include TA4922, a newly designated threat group delivering malware from the ecosystem, and TA2730, focusing on credential for financial institutions. Business email compromise actors are also using tax form lures to steal financial and personal data. These campaigns demonstrate the ongoing exploitation of timely and topical themes by cybercriminals to deceive users.

External references