Tax Scam Losses Average $1,020 With Younger Victims

Tax refund season is prime time for impostors, and the typical victim now parts with $1,020. Contrary to the stereotype, it’s not just retirees getting duped. Younger adults are being squeezed hardest as scammers lean on AI-polished messages, fake tax websites, and pressure tactics that feel startlingly official.

Fresh findings from McAfee’s latest Tax Season Survey point to a widening threat. A striking 82% of Americans say they’re worried about tax fraud, and 40% believe scam messages have grown more sophisticated. More than 30% report being contacted by someone posing as the IRS or a state agency, often by text or email directing them to a “secure” link or urgent payment request.

The damage is real: 23% say they’ve fallen for a tax scam, 20% admit losing money, and over 10% report tax-related identity theft. Behind the scenes, criminals are scaling up infrastructure too. McAfee identified more than 1,400 suspicious tax-themed domains in a recent stretch, an average of about 43 new fake sites every day, many designed to harvest logins, Social Security numbers, and bank details.

Younger Adults Are Overrepresented Among Victims

One number jumps off the page: among people in the youngest adult cohort, 42% in the survey said they’ve fallen for a tax scam. Digital natives aren’t naïve—they’re targeted. They live on mobile, move fast, and rely heavily on texts, messaging apps, and P2P payments, where split-second decisions can prove costly.

Scammers exploit life events that skew younger, too. New filers, recent grads, gig workers, and first-time small-business owners are more likely to be confused by changing filing rules or surprise tax forms. Fraudsters weaponize that uncertainty—spoofing “verification” notices, dangling “refund recalculations,” and even charging $319 to “help” obtain an Employer Identification Number that the IRS provides for free.

How Modern Tax Scams Reel People In Today

The playbook is consistent. First comes the hook: an alarming message about a refund hold, underpayment, or account verification. Next, the impersonation: the sender claims to be from the IRS or a state department of revenue, sometimes citing personal details scraped from data breaches or social profiles to sound convincing.

Then comes the pivot to capture data or money. Victims are pushed to click a link to a “secure portal” or call a “case officer.” The sites look authentic—criminals copy IRS styling, plant misleading subdomains, or stuff URLs with “irs.gov” text. AI helps generate flawless emails, chat replies, even voice clones that silence healthy skepticism. The finish is pressure: pay immediately to avoid penalties or arrest, or lose your refund.

It’s not just email. Phone calls, SMS, social DMs, and messaging apps all feature in these campaigns, and 40% of surveyed recipients said they were asked to click a link or send payment. The cross-channel approach makes the ruse feel inescapable—and more legitimate.

Red Flags and the True Cost of Tax Scams

The headline loss—$1,020 on average—often understates the fallout. When identity theft is involved, victims may face delayed refunds, weeks of account remediation, and long-term exposure of tax transcripts, employment records, and bank details. The Federal Trade Commission, the IRS, and the FBI’s Internet Crime Complaint Center all warn that tax impostors use fear and urgency precisely because it works.

Watch for telltales:

• Unsolicited messages about refunds or “errors”
• Links to login pages you didn’t request
• Payment demands via gift cards, crypto, or P2P apps
• Threats of arrest or immediate penalties
• Odd sender domains that aren’t .gov
• Requests for remote access
• Up-front fees for filings the IRS handles at no cost

The IRS doesn’t initiate contact by email, text, or social DM, won’t demand instant payment, and won’t ask you to click a link to get your refund.

If You Get Hit, Take These Steps Fast to Recover

1. Stop engaging. Don’t click links or send more information. Document everything with screenshots and transaction IDs, then contact your bank or card issuer to dispute charges and request reversals. Place a fraud alert or credit freeze with the major credit bureaus to block new accounts in your name.
2. Alert authorities. Forward phishing emails to the IRS at phishing@irs.gov and report impostor contacts to the FTC and the FBI’s Internet Crime Complaint Center. If your Social Security number may be compromised or a return may have been filed in your name, submit the IRS Identity Theft Affidavit (Form 14039) and request an Identity Protection PIN to lock down future filings.
3. Secure your accounts in order of importance, starting with email. Change passwords, enable 2FA, and replace any reused credentials. Run a full malware scan on your devices and consider an identity monitoring service that can alert you if your information appears in breach data.

How to Lower Your Risk Before You File This Season

File early so criminals have less time to submit a return in your name. Get an IRS Identity Protection PIN if eligible. Go directly to the IRS website by typing the address yourself and use official tools to check refund status or make payments—never from links in messages or search ads.

Vet paid preparers by confirming their Preparer Tax Identification Number and asking how your data is stored and transmitted. Treat any unexpected outreach as fraud until proven otherwise; call the official number on the IRS website or a state tax agency to verify. Limit P2P balances, set banking alerts, and keep your device and browser updated. A few calm checks can be the difference between a clean filing and a $1,020 mistake.