Happy tax season! Once again, bad actors are working hard to take advantage of our tax-related stresses and anxieties and the complexity (borderline indecipherability?) of various tax codes to con us into sending them our returns or estimated payments. The difference this year is that artificial intelligence (AI) and social engineering tactics have increased both the sophistication and prevalence of tax scams.

In response, the Canada Revenue Agency has launched a new page for filer awareness, highlighting the potential for new AI-powered threats. Of particular note is the “EFILE accounts scam” awareness page, which suggests:

"Messages targeting tax preparation service providers and discounters are asking recipients to sign conditions for maintaining their EFILE accounts. There is a button or link that leads to a fake EFILE Sign in page, which looks very similar to the actual EFILE Sign in page.

What to do:

    • Do not click any buttons, links, or reply to the message
    • Only access the EFILE Sign in page from official Canada.ca pages
    • Refer to CRA's information: EFILE for electronic filers"

The EFILE accounts scam is essentially a phishing page posing as the legitimate EFILE site. The scam page requests login credentials, and when victims provide those credentials, the scammer gains what he needs to take over the victim’s account and receive the victim’s tax refund. That is only a stone’s throw from the bank impersonation and phishing sites we’ve observed for the last few years now, and more evidence that what works well for the goose also works for the gander.

The relentless advance of AI has been jaw-dropping, empowering us all to manufacture images, audio, and video that appear legitimate in almost every facet, with the content itself being (sometimes) farcical. Our 2024 whitepaper on AI and Scams forecast that AI would reduce the time to market for bad actors to stand up new services. This prediction materialized faster than we expected.

Take the following as evidence: If I wanted to have AI generate and launch a new webpage, create all the content I was seeking, have it search-engine-optimized, and then deploy this without having to write a single line of code myself, there are existing AI tools available right now that can make that happen. As predicted by our whitepaper, a spoofed page is now often so indistinguishable from its legitimate counterpart that the success rates of and threat posed by phishing attacks might soon grow drastically.

Consider the risks: This new webpage may not be performing the services that I am asking of a legitimate entity. Perhaps I could be emulating a merchant, taking orders and accepting payments, but rather than fulfilling my obligations, I might just process the payment and then sell the compromised payment card information to a third party. Now extrapolate this to tax agencies.

This is the new world, where the average consumer receives a text message from a number spoofing a legitimate agency with a link to complete their taxes, to get a rebate or payment, or to review a crucial tax document. These messages may contain information pertinent to the recipient, perhaps including personal details or other confidential data. They might serve up authentic-sounding good news we want to believe or – worse – a threat to be realized if we don’t comply.

All of these requests should be validated to prove their legitimacy. Contact the CRA at its dedicated phone number (or the IRS or other tax agency, as scams like this one are sure to jump borders and oceans), don’t update forms outside of the official CRA website, and never pay taxes via Interac e-transfer.

Tax season is enough of a burden already, and none of us needs the added weight of dodging scams and fraud at this time of year. Certainly, no one likes having to pay, and the prospect of a little relief is tempting, but enough people fall for these scams to incentivize the bad actors behind them to intensify their efforts.

Making ourselves – individual consumers and financial institutions – a bit more resilient deprives the bad actors of oxygen and strengthens the herd. AI may be great for entertaining us with images and clips of comical juxtaposition, but recognize that deception may be used nefariously, and this is becoming more common every day.
