
14 AI-driven tax scams CFOs need to watch this season

Catherine Chipeta

From sophisticated phishing to deepfake impersonations and mobile-first attacks, AI is helping scammers scale and personalize their efforts in ways that traditional defenses may not catch. And for those responsible for protecting company funds, it’s no longer just an IT problem—it’s a finance one, too.

What are AI scams? If you’re just catching up on how AI is being used by threat actors, check out our AI scams explainer for finance.

Here are 14 tactics finance leaders need to understand—and how to help your team avoid them.

1. AI-written phishing emails

AI-powered language tools allow scammers to craft highly convincing emails that mimic IRS tone and branding. These emails often contain attachments disguised as tax documents or refund claims, and aim to extract sensitive information or trigger fraudulent payments.

According to the FBI’s Internet Crime Report, phishing alone accounted for over $2.7 billion in reported losses last year.

2. Fake “AI tax assistants”

Cybercriminals are deploying bogus AI bots that pretend to offer tax support, but instead collect login credentials or redirect users to malicious websites. They mimic the look and feel of real AI-powered platforms.

See how scammers are using AI tools in finance fraud.

3. Deepfake IRS agents or family members

Voice and video deepfakes are used to impersonate familiar figures—from IRS agents to executives or family members. One finance worker was recently tricked into transferring $39 million after a deepfake video call impersonated their boss.

Read the full story here.

4. Malware-laced PDFs

Tax-themed attachments—like W-9s or vendor onboarding forms—are increasingly being used to deliver malware. Once opened, these files can provide access to internal finance systems or steal user credentials.

5. SMS phishing (“mishing”)

Scams delivered via text message appear to come from the IRS or trusted tax platforms. They often link to spoofed websites asking for login credentials or payment details.

6. QR code phishing (“quishing”)

Scammers now send malicious QR codes by email or print. When scanned, they lead users to phishing pages disguised as tax portals or invoice platforms—an evolution explored in this Proofpoint analysis.

7. Fake mobile tax apps

On unofficial app stores, fake IRS-themed tax apps have been discovered harvesting user credentials and sensitive payment data.

8. Device-adaptive scam websites

Modern scam sites adjust their layout depending on the device used. They may look different on mobile versus desktop to better mimic legitimate platforms and reduce suspicion.

9. Cloud-hosted malicious files

Links to files hosted on Google Drive or OneDrive are often trusted by default. Scammers exploit this trust to deliver malware via cloud-based PDFs and forms.

10. Spoofed IRS or tax software domains

Scammers register domains like irs-gov.com or secure-tax.net that closely resemble official sites, tricking users into logging in or uploading sensitive documents.

11. Typosquatting

By registering domains with subtle misspellings (e.g. irs.giv), scammers lure users into trusting fraudulent websites. There was a surge in IRS-themed phishing domains last tax season, including subtle lookalikes like irs-gov.com.
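The two tactics above (spoofed domains and typosquatting) can be triaged automatically when sender or link domains are checked against a list of genuine ones. The following is an added example, not code from the article or from Eftsure; the `TRUSTED` allowlist, the `KEYWORDS` list and the function names are assumptions, and the sample domains are the ones the article mentions plus constructed benign ones.

```python
import re

# Assumptions: TRUSTED is the organisation's own allowlist and KEYWORDS is a
# triage list; neither comes from the article.
TRUSTED = {"irs.gov"}
KEYWORDS = {"irs", "tax", "refund"}

def edit_distance(a, b):
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def squash(name):
    """Drop dots and hyphens so 'irs-gov.com' and 'irs.gov' become comparable."""
    return re.sub(r"[^a-z0-9]", "", name)

def classify(domain):
    d = domain.lower().rstrip(".")
    # Exact match or a true subdomain of an allowlisted domain.
    if any(d == t or d.endswith("." + t) for t in TRUSTED):
        return "trusted"
    for t in TRUSTED:
        # One character off the real name, e.g. irs.giv.
        if edit_distance(d, t) <= 1:
            return "typosquat"
        # Real name reused with a different separator or TLD, e.g. irs-gov.com.
        if squash(t) in squash(d):
            return "embedded-brand"
    # Generic tax wording on a non-allowlisted domain, e.g. secure-tax.net.
    if KEYWORDS & set(re.split(r"[^a-z0-9]+", d)):
        return "keyword-review"
    return "unknown"

if __name__ == "__main__":
    for sample in ["www.irs.gov", "irs.giv", "irs-gov.com", "secure-tax.net", "example.org"]:
        print(f"{sample:16} {classify(sample)}")
```

A `keyword-review` result is a prompt for a human check rather than a verdict, since legitimate tax software domains match it too. The sketch does not cover internationalised lookalike characters.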

12. Expired domain hijacking

When legitimate business domains expire, scammers sometimes re-register them to rebuild a façade of trust. These domains are then used to deliver phishing emails or malware under the guise of a known entity.

13. SEO poisoning

Some scammers use search engine optimization (SEO) techniques to push fake tax help or refund sites to the top of Google search results—especially during peak filing periods.

14. AI-generated scam websites

LLM tools are being used to create scam websites that include realistic FAQs, customer reviews, chatbots, and even refund calculators—all designed to appear credible to busy users.

See how scammers are using AI to rewrite invoice details.

What finance teams can do

You don’t need a cybersecurity background to help protect your company from these risks. A few practical steps:

  • Educate your team: Train AP staff to spot red flags like urgent payment changes, unknown QR codes, or unexpected account updates.
  • Verify vendor changes: Use phone callbacks or secure portals—not just email—for confirming payment information.
  • Use our supplier onboarding checklist to build more secure verification practices.
  • Implement layered controls: Separate duties so that no single person can process a payment unilaterally, especially during tax season.
  • Coordinate with IT/security: Know what anti-phishing tools and domain monitoring are in place, and how your team can escalate concerns.

A final line of defense: payment verification

Even if a phishing email slips through, it doesn’t have to end in fraud. Tools like Eftsure offer real-time verification of supplier bank details, helping finance teams avoid sending money to the wrong people. With over $288 billion in B2B payments safeguarded last year, Eftsure helps bridge the gap between cyber threats and financial controls—especially during high-risk periods like tax season.

Want to see how it works? Book a demo and learn how Eftsure can help your team protect every payment.
