Tax-season phishing campaigns escalate with RMM tools and multi-vector social engineering

First reported

30.03.2026 18:00

Last updated

1 unique sources, 1 articles

Summary

Hide ▲

Cybercriminals have launched over a hundred tax-themed phishing campaigns in early 2026, employing malware, remote access tools, fraud schemes, and credential harvesting. Threat actors are increasingly integrating remote monitoring and management (RMM) tools into their operations to maintain persistence and escalate intrusions. These campaigns leverage seasonally relevant lures tied to tax filing pressures, including fake investment firm requests for updated W-8BEN forms and business email compromise (BEC) attempts targeting employees for W-2/W-9 forms. The tactics exploit urgency around penalties, missing documents, and compliance, resulting in credential theft and exposure of sensitive financial and personal data.

Timeline

30.03.2026 18:00 1 articles · 13h ago

Proofpoint identifies surge in tax-season phishing with RMM integration and multi-vector BEC
Proofpoint reports over a hundred tax-themed phishing operations in early 2026, incorporating RMM tools for post-compromise access and BEC targeting of W-2/W-9 forms. Investment-themed lures soliciting W-8BEN updates via fake portals and executive impersonation for tax document collection observed across multiple campaigns.
Show sources

Cybercriminals Exploit Tax Season With New Phishing Tactics — www.infosecurity-magazine.com — 30.03.2026 18:00
Open in new tab

Information Snippets

More than 100 tax-themed phishing operations detected in early 2026, with actors using malware, RATs, fraud schemes, and credential phishing.
First reported: 30.03.2026 18:00

1 source, 1 article
Show sources
- Cybercriminals Exploit Tax Season With New Phishing Tactics — www.infosecurity-magazine.com — 30.03.2026 18:00
Threat actors are increasingly leveraging RMM tools for post-compromise access and persistence.
First reported: 30.03.2026 18:00

1 source, 1 article
Show sources
- Cybercriminals Exploit Tax Season With New Phishing Tactics — www.infosecurity-magazine.com — 30.03.2026 18:00
Malicious campaigns include impersonation of investment firms requesting W-8BEN form updates via fake login portals to harvest credentials.
First reported: 30.03.2026 18:00

1 source, 1 article
Show sources
- Cybercriminals Exploit Tax Season With New Phishing Tactics — www.infosecurity-magazine.com — 30.03.2026 18:00
Business email compromise (BEC) campaigns impersonate executives to solicit W-2 and W-9 forms, exposing sensitive employee and financial data.
First reported: 30.03.2026 18:00

1 source, 1 article
Show sources
- Cybercriminals Exploit Tax Season With New Phishing Tactics — www.infosecurity-magazine.com — 30.03.2026 18:00
Tax-themed lures exploit urgency around penalties, missing documents, and compliance deadlines to bypass user scrutiny.
First reported: 30.03.2026 18:00

1 source, 1 article
Show sources
- Cybercriminals Exploit Tax Season With New Phishing Tactics — www.infosecurity-magazine.com — 30.03.2026 18:00

Summary

Timeline

Proofpoint identifies surge in tax-season phishing with RMM integration and multi-vector BEC

Information Snippets