I run an IT and cybersecurity company in New Mexico and Pennsylvania, and over 17 years I've watched the technical side of how these scams actually work. What most people miss is that scammers are now using spoofed caller IDs that make it look like the IRS or Social Security is calling--your phone literally displays "Internal Revenue Service" with a Washington DC area code. We've had clients at medical offices and real estate firms get these calls, and even tech-savvy staff almost fell for it because the number looked legitimate. The AI piece is getting scary. We're now seeing deepfake voice calls that sound exactly like a government agent, complete with background office noise and hold music. One of our healthcare clients received an email with a fake IRS portal that was nearly pixel-perfect--it even had real security badges at the bottom. These phishing sites are hosted on compromised servers that pass basic security checks, which is why I tell our clients to never click email links. Always type IRS.gov directly into your browser. What retirees don't realize is that scammers specifically target RMD season because they know you're expecting communication about required distributions. We saw this with a client who got a "urgent tax penalty notice" about their RMD in January--it looked official but was designed to steal their brokerage login. The giveaway was that it asked for immediate portal access instead of mailing a letter. From a tech standpoint, enable two-factor authentication on everything--IRS accounts, Social Security, email, banking. We set this up for our older clients and it stops 99% of account takeovers even if they accidentally give up a password. The IRS also has an Identity Protection PIN program that prevents someone from filing a fake return in your name, and I push every retiree to enroll before tax season starts.
Vice President of Business Development at Element U.S. Space & Defense
Answered 3 months ago
I'm not a tax expert, but I've spent 25 years in business development and operations across defense and aerospace, working with companies navigating complex regulatory environments. What I've seen is how scammers exploit the same vulnerabilities in both contexts--trusted processes, technical jargon, and official-sounding credentials. One pattern I noticed during COVID was how quickly fraudsters adapted their approach when regulations changed overnight. We had clients receiving emails that looked identical to legitimate compliance notices, down to the logos and formatting. Retirees face the same thing with tax documents--scammers now replicate IRS letterhead and use language pulled directly from real forms. The tell is always in the action requested: legitimate agencies give you time and multiple contact options, never just one urgent path. From my work on advisory boards, I've learned that people trust formal titles and institutional language too easily. A scammer who opens with "This is the Taxpayer Advocate Service regarding your Medicare premium adjustment" sounds credible because it combines real agencies with plausible concerns. I always tell people: if you didn't initiate the contact and they're asking you to confirm details *you* should already have on file, stop immediately. The most practical defense I've seen work is the same one we use for vendor verification in aerospace contracts--never use contact information provided in the suspicious communication. Look up the official number independently, call directly, and reference any case numbers they mentioned. It takes five extra minutes but eliminates nearly every scam attempt.
I've spent 40+ years representing Georgia families who lost everything to corporate negligence, and I've seen how scammers use the same playbook: they exploit trust, create panic, and disappear with the money before victims realize what happened. The patterns in fraud cases aren't that different from tax scams--it's about manipulating someone when they're most vulnerable. One thing I've noticed from clients who are retirees: scammers are now impersonating Medicare and Social Security simultaneously during tax season. They'll call saying there's a "problem with your Medicare number that's affecting your tax return" and demand immediate verification. It's brilliant and evil--they're combining two trusted systems that retirees interact with constantly, making the scam feel legitimate. What I tell every client over 65: the government already has your information. If the IRS, Social Security, or Medicare needs something from you, they'll send a letter to your physical address first--not a text, not a robocall, not an email with a countdown timer. I had a client nearly wire $8,000 to "fix" a Social Security tax issue that didn't exist because the caller knew her benefit amount and Medicare number (likely from a prior data breach). The biggest protection is simple: never act on fear in the moment. Hang up, call your family, then call the official agency directly using a number you find yourself. One phone call to a trusted person breaks the spell these scammers cast.
I run an enterprise-grade cybersecurity company, and one pattern we're seeing right now is fake "tax transcript request" texts that look like they're from IRS.gov but actually redirect to cloned pages harvesting IP PINs and SSNs. The URLs use tiny character substitutions--like irs-gov.secure-verify.com--that look legitimate on a phone screen. We've blocked over 40 of these domains for clients just since December, and retirees are the primary targets because scammers know they're more likely to request transcripts for Medicare premium calculations or IRMAA appeals. The other major shift is "helpful tax preparer" scams on Facebook and community forums. A client's mother-in-law in a Central Florida retirement community got friend requests from someone posing as a local CPA offering free filing help for seniors--they collected W-2s, 1099-Rs, and Social Security statements, then filed fraudulent returns and stole refunds before anyone realized. What made it convincing was the scammer spent weeks building rapport in local groups, posting recipes and event photos to look like a real neighbor. From our SOC monitoring, we see credential stuffing attacks spike 40%+ during tax season targeting email accounts tied to Social Security logins. Retirees reuse passwords across sites, so when an old breach database surfaces, attackers test those credentials against SSA.gov and MyMedicare.gov. The fix is simple: use a password manager and turn on login notifications so you get an alert the second someone tries accessing your account from a new device. We walk clients through this during our security training refreshers, and it's stopped multiple account takeovers before damage happened.
I'm Michael Spitz, a CPA in Gilbert, Arizona with 15+ years handling tax prep and fraud prevention for individuals and businesses. I've seen the scam landscape shift dramatically, especially around the methods that bypass traditional red flags. The biggest shift I'm seeing in 2026 is "tax preparer impersonation" scams. Retirees get calls from someone claiming to be from a major tax prep chain saying there's an error on last year's return that needs immediate correction. They already have partial info--your name, approximate refund amount--which they pull from data breaches. Then they ask you to "verify" your Social Security number to fix it. I had a client almost fall for this because the scammer knew she'd filed jointly and mentioned her spouse's first name. What retirees miss is that the IRS will never call you first about a balance due or threaten arrest. They mail letters. Period. But here's what's tricky--scammers now send fake IRS letters via USPS that look incredibly real, then follow up with a phone call referencing that letter number. Always verify any IRS correspondence by calling the main IRS number yourself, never the number on the letter. The pension and RMD angle is huge because scammers know these are predictable annual events. I tell my clients to set up their IRS online account at IRS.gov before tax season so they can see their actual tax transcripts. If a scammer calls claiming you owe money, you can log in and verify instantly. That one step has saved multiple clients from wiring thousands to fake "IRS payment portals."
I've trained thousands of investigators and intelligence professionals who've worked financial fraud cases, and here's what they're seeing in 2026 that nobody's talking about: scammers are now targeting Medicare Advantage and Part D premium confusion. Retirees get what looks like a "tax credit adjustment notice" claiming they overpaid premiums and qualify for a refund--but first they need to "verify" their Medicare number and bank details. We've seen this hit our law enforcement students' own family members. The other massive shift is fake CP2000 notices about unreported income. Scammers know retirees often have multiple 1099s from interest, dividends, and distributions, so they send official-looking letters claiming the IRS found a "mismatch" that requires immediate payment to avoid liens. Real CP2000s give you 30 days and never demand same-day payment or gift cards. I built Amazon's Loss Prevention program from scratch, and this mirrors retail fraud tactics--create urgency, limit victim thinking time, demand irreversible payment methods. What gets retirees caught is they're actually trying to be compliant. Someone who spent 40 years following the rules doesn't want IRS trouble, so when they see "final notice" or "warrant issued," they panic and act. From our investigations training: criminals exploit responsibility, not ignorance. That's why I tell people in our certification programs--the IRS sends letters first, always. If your first contact is a phone call or email, it's fake, period. The one thing retirees miss is that scammers are patient now. They'll send a fake notice, wait two weeks, then "follow up" so it feels like a real bureaucratic process. I teach this in our fraud investigation courses: layered deception beats single-contact scams because it builds false legitimacy. If you get any tax communication that requests action, call your CPA or the IRS directly using the number on last year's actual correspondence--never the number provided in the suspicious contact.
I'm Samuel Landis, a tax attorney who's spent 15+ years resolving IRS controversies and teaching tax law in Los Angeles. I work daily with clients navigating audits, levies, and enforcement issues--including retirees who've been scammed or mistakenly targeted. The scam I'm seeing explode right now targets Required Minimum Distributions. Scammers send official-looking notices claiming your RMD wasn't properly reported and penalties are accruing daily--then offer to "file an amended return" for a fee. They're exploiting the fact that RMD rules confuse even sophisticated taxpayers, and the penalty for missing one is genuinely severe (50% of the amount not withdrawn). I had a client last month who nearly paid $3,500 to a fake "IRS resolution firm" because the letter referenced her actual brokerage and used legitimate IRS form numbers. Here's what retirees miss: the IRS will never threaten retirement account levies unless your conduct is flagrant--like pyramiding trust fund taxes or hiding assets offshore. Yet scammers constantly threaten immediate 401(k) seizures to create panic. I tell clients that if someone mentions levying your retirement funds in the first conversation, it's fraudulent. The IRS has an 11-step flagrancy test they must apply first, and that process takes months of documented case review, not a single phone call. One pattern from my practice: scammers are filing fake Power of Attorney forms (IRS Form 2848) in retirees' names, then calling the IRS practitioner hotline to access real account data. They use that information to make follow-up scam calls sound completely legitimate--they'll know your actual balance due, filing history, even your installment agreement amount. If anyone references your IRS account transcripts without you having authorized them in writing at your local IRS office, you're being scammed with stolen credentials.
When asked about the most common and emerging tax scams retirees should watch for in the 2026 filing season, I'm seeing a big shift from sloppy robocalls to highly personalized scams tied to Social Security, Medicare, and online tax accounts. Over the past year, scammers have gotten better at referencing real income sources like RMDs or benefit statements, then using urgency—"your benefits will be suspended" or "your return is flagged"—to force quick action. I worked with a retired client who nearly wired money after getting a voicemail that spoofed an IRS callback number and cited his exact Social Security payment amount, which he later realized came from a prior data breach. What's new for 2026 is heavier use of AI-generated emails and voice cloning, making messages sound calm, official, and convincing instead of threatening. Retirees are especially vulnerable because they're trained to comply with government agencies and often manage fixed incomes where any disruption feels catastrophic. A typical IRS or Social Security scam today starts with unexpected contact demanding immediate payment or verification, even though the IRS still initiates contact by mail and never asks for gift cards, crypto, or wire transfers. The biggest red flags retirees should never ignore are pressure to act fast, requests for login codes, or instructions to keep the situation secret. If someone thinks they've fallen for a tax scam, the first step is to stop all communication, contact their bank, and report it to the IRS and FTC before filing anything else. To protect themselves before filing season, retirees should lock down IRS online accounts, freeze credit, and review benefit statements regularly for small inconsistencies scammers often test first. One of the most dangerous misconceptions I still see is the belief that the IRS will call or text to "fix" a problem—real tax agencies don't chase people, they document everything on paper first.
Tax and Social Security scams targeting retirees continue to evolve because fraudsters know older adults live on fixed incomes and may not follow the latest communication practices. The classic scam still involves someone posing as the IRS or SSA and claiming you owe money or that your benefits will be suspended unless you pay immediately. Scammers usually demand payment via gift cards, wire transfers or cryptocurrency—methods the government never uses—and they instruct victims not to talk to anyone else. Ahead of the 2026 filing season, a few new twists are emerging. Fraudsters are using spoofed caller IDs and fake IRS domain names so calls and emails look authentic. They send text messages with links to supposed refund or subsidy portals that harvest personal data. Advances in AI make it easy to generate convincing voice messages that sound like legitimate agents. Some scammers exploit anxiety about health insurance or new credits to get retirees to hand over information. Retirees are particularly vulnerable because they may not realise that the IRS and SSA rarely contact people by phone or text. Many are eager to comply with government requests and may not recognise tactics like creating a sense of urgency or threatening arrest. Scammers also mention specific income streams such as Social Security, pensions or required minimum distributions (RMDs) to sound credible. A typical scam today might start with an unexpected phone call claiming a discrepancy in your return, followed by a demand for immediate payment or personal information. Emails or texts may use official logos but link to websites with subtle typos or unsecured connections. Some criminals even use chatbots to answer your questions and keep you engaged. To protect yourself or loved ones, remember that legitimate tax agencies send notices through the U.S. Postal Service and offer time to respond. They will never threaten arrest or insist on payment via gift cards or crypto. Hang up on unsolicited calls, do not click links in emails or texts, and contact the official IRS or SSA number if you have questions. Be sceptical of promises of quick refunds or special credits tied to pensions or RMDs. The biggest red flags are urgency, threats, requests for sensitive information or untraceable payments, and any communication you did not initiate. Staying informed through IRS scam alerts and consulting a trusted tax professional can help retirees avoid becoming victims.
Retirees should be vigilant against common tax scams in 2026, including phishing emails, IRS impersonation calls, and fake tax services. Scammers have become more sophisticated, utilizing personal information from social media and data breaches to enhance their credibility. A notable emerging threat is the use of AI-generated voice technologies, which may complicate efforts to identify fraud. Awareness and caution are essential for protection against these scams.
Attorney and Chief Executive Officer at Cummings & Cummings Law
Answered 3 months ago
Refund theft now exploits IRS processing backlogs rather than obvious phishing. I see criminals file early returns using stolen Social Security numbers and route refunds to prepaid cards. Retirees usually discover the fraud after the IRS freezes the account for verification. Medicare premium scams increasingly create secondary tax exposure. Scammers pose as Medicare administrators and demand immediate payment corrections by ACH or debit authorization. Once bank access is granted, estimated tax payments get altered or diverted. Firm impersonation emails now rely on accuracy rather than sloppiness. Fake emails copy real CPA and law firm names, reference prior filings, and cite exact dollar figures pulled from breached portals. Retirees comply because the message feels informed and calm. The hidden risk is exposure of IRS transcripts that later support home equity loan fraud or deed forgery. I am working on two of these cases right now. Social Security repayment scams hinge on technical reporting confusion. Fraudsters claim benefit overpayments tied to Form SSA-1099 and demand repayment through gift cards or crypto. Victims later face genuine IRS mismatch notices when reported income no longer reconciles. I have watched this expand into full audits that uncover unrelated but expensive compliance issues. Urgency combined with procedural detail remains the clearest warning sign. Real agencies move slowly, send repeat notices by mail (not phone, text, or email!), and allow appeals. Scams demand fast action and discourage outside review.
IRS impersonation scams, which claim you owe back taxes or that your refund is "on hold," are the most common. The second is what we call social security impersonation scams that use the threat of stopping benefits to get you to take immediate action. And thirdly, there are identity verification scams that will ask you for your username and password, one-time pass codes, and banking information. While the types of scams have remained the same (IRS impersonation, social security impersonation, and identity verification), the way they are being executed has evolved. This year we've seen a more polished and coordinated approach across multiple channels. The common process now begins with a short, urgent text message, followed by an email that includes official-looking branding and logos, and then a call from a spoofed number representing themselves as either a government agency or a tax support organization. The purpose of this process is to create urgency while keeping the victim engaged and moving through it. Looking ahead to the 2026 filing season, I believe we'll continue to see more AI-enabled impersonation. In addition, AI reduces the amount of work involved in creating look-alike websites and fake support pages. Furthermore, during the 2026 filing season, I anticipate we'll see even more phishing and account takeovers of email and financial accounts. Once a scammer gains control of your email account, they're able to reset your passwords and gain access to many sensitive documents. Retirees are often targeted because scammers use the fears associated with late fees and penalties on their benefits, and because any reference to Social Security, Medicare, pensions, or Required Minimum Distributions (RMDs) makes the scam seem more personal. Retirees should be cautious if they receive any of the following: a request to take immediate action, a threat, a request for payment via gift card, wire transfer, cryptocurrency, or a mobile payment application, or a request for your password(s) or one-time passcode(s). If you suspect you've been scammed, do not engage further, and instead, verify the legitimacy of the communication independently through official channels of your own research. And if you've provided any money or sensitive information to the scammer, please contact your bank immediately, change all your passwords, enable multi-factor authentication, and place a fraud alert or credit freeze.