- The IRS released its 2026 Dirty Dozen list highlighting 12 major tax scams targeting businesses.
- Scammers are increasingly using AI-assisted calls and voice mimicry to impersonate government officials and demand payments.
- Small businesses face specific risks from ghost tax preparers who refuse to sign official documents.
(UNITED STATES) — The Internal Revenue Service released its 2026 “Dirty Dozen” list on March 5, 2026, warning that small and medium businesses face a sharper set of tax scams during filing season as criminals widen their use of fake messages, spoofed phone calls and fraudulent preparers.
The annual list identifies 12 major threats affecting taxpayers, businesses and tax professionals. This year’s alert puts notable emphasis on risks to SMBs, especially where scammers use stolen business information, pressure tactics and digital deception to reach payroll staff, bookkeepers and outside tax advisers.
Much of the danger comes from the way the scams are delivered. Email, text messages, social media direct messages, QR codes and AI-assisted calls all appear in the IRS warning, reflecting how tax fraud schemes now move across multiple channels rather than relying on a single approach.
For businesses, that matters because routine tax work often depends on emailed records, online account access and quick exchanges with preparers. Scammers try to exploit that pace, using messages that look ordinary enough to open before a recipient spots the warning signs.
Among the threats drawing the most concern are spear-phishing attacks aimed at tax professionals. In those schemes, cybercriminals send emails disguised as new client inquiries or document requests and embed malicious links or attachments inside them.
A successful breach can hand over client data, opening the way for fraudulent tax returns or wider damage to an organization’s systems. For small and medium businesses that rely on outside accountants or internal finance staff with broad access, one deceptive message can expose both tax records and other company information.
The IRS also highlighted IRS impersonation scams delivered through emails, texts, direct messages and QR codes that push recipients to fake sites. Those messages often rely on alarming language to create urgency and make a target act before verifying the sender.
That threat has grown beyond email inboxes. The IRS reported over 600 social media impersonators during fiscal year 2025, a figure that shows how frequently criminals now imitate the agency on digital platforms where businesses and tax professionals also communicate with customers and colleagues.
The agency’s warning also points to AI-enabled phone scams, which now include robocalls with spoofed caller IDs and computer-generated voice mimicry. Those calls pressure taxpayers and business owners to make immediate payments or hand over sensitive information.
For an office worker answering a line that appears to belong to a government office, the tactic can be hard to dismiss quickly. Voice mimicry and spoofed numbers add another layer of deception, especially when the caller sounds official and insists a payment problem needs immediate action.
The IRS drew attention as well to ghost tax preparers, a long-running fraud that remains dangerous for businesses under deadline pressure. These preparers refuse to sign returns or provide a Preparer Tax Identification Number, leaving the business legally responsible for inaccurate filings or fraud.
That risk can be acute for smaller firms that turn to a preparer late in filing season and focus on speed over verification. A return may be completed and submitted, but the absence of a signature or PTIN leaves the taxpayer exposed if the filing contains false information.
Another threat in the 2026 warning involves identity theft targeting IRS online accounts. Criminals use stolen business information to gain unauthorized access to taxpayer accounts, giving them another route to manipulate records or exploit account access tied to tax filings.
The concern reaches beyond a single fraudulent return. Once criminals gain entry through stolen identifiers, they may be able to interfere with account management or obtain information that can feed additional scams against the same business.
Taken together, the IRS warning sketches a broader picture of how tax crime has adapted. A fake client inquiry can deliver malware, a text can steer a recipient to a fraudulent payment page, a QR code can hide a malicious destination and a phone call can sound increasingly convincing because software now imitates real voices.
That mix of methods helps explain why the IRS framed the March 5, 2026 release as more than a routine annual reminder. The 12-threat Dirty Dozen list serves as a current enforcement and awareness update at a time when many businesses are moving sensitive tax and payroll information among employees, vendors and advisers.
The agency’s response message centers on recognition and restraint. Unexpected messages that contain links or attachments, demand urgent payment or ask for sensitive data remain some of the clearest warning signs in the IRS guidance.
Tax professionals face a narrower but equally risky version of that problem. The IRS said they should scrutinize email requests that come from mismatched sender addresses or use unusual urgency, especially when the message seeks documents, taxpayer information or account credentials.
Businesses should avoid interacting with suspicious links and attachments rather than testing whether a message is real. The IRS said suspected phishing emails can be forwarded to [email protected].
For online account security, the IRS urged businesses to create or manage access through IRS.gov rather than through links embedded in messages. That distinction is central to the agency’s warning because impersonation attempts often mimic official branding well enough to fool a recipient who follows a link without checking the destination.
The IRS warning also reinforces a point that applies across many of the scams: criminals often try to force speed into an exchange that should be routine. A message that insists on instant payment, immediate login or urgent document transfer tries to replace normal verification with panic.
In practice, that can mean a fake email framed as a new client request, a text that threatens consequences, or a direct message that urges a business to scan a QR code to resolve a tax matter. The channel changes, but the objective stays the same — push a recipient into sharing money, access or records before the business confirms who is making contact.
The same principle applies to phone calls. The IRS warning says scammers use spoofed caller IDs and voice mimicry to make demands sound authentic, but those calls are part of the same pattern of coercion seen in digital scams.
What stands out in the 2026 list is the breadth of contact methods now used in impersonation attempts. The IRS warning spans digital messages, QR codes and AI-assisted calls, suggesting that businesses no longer face isolated fraud tactics but overlapping ones that can appear in email, on social media and by telephone within the same filing period.
That breadth raises the stakes for tax professionals as well. They may receive inquiries that look like routine client onboarding, only to discover that the sender address does not match the supposed business or that the request carries an attachment designed to infect a system.
For SMBs, the exposure often begins with ordinary workflow. Payroll information, tax documents and account credentials move through inboxes and shared systems, creating opportunities for criminals to imitate familiar requests and slip into the process.
The IRS wants businesses and tax professionals to respond with verification before disclosure. That means confirming identities before sharing tax or payroll information and treating unsolicited contact about tax matters with caution, particularly when the message presses for immediate action.
The agency also wants businesses to use official IRS channels for account creation and tax information, report suspicious activity promptly and educate employees about phishing, impersonation and fake preparer tactics. Internal awareness matters because scams often succeed when one employee handles an email or call as an isolated task rather than as a security issue.
The warning on ghost preparers carries a direct compliance message as well. Legitimate preparers should sign returns and provide a PTIN, and businesses that do not confirm those basics can end up bearing the legal consequences of a false filing.
As filing season continues, the IRS is presenting the Dirty Dozen less as a catalog of abstract risks than as a snapshot of the fraud pressure surrounding tax work right now. The March 5, 2026 alert, the list of 12 major threats and the agency’s report of over 600 social media impersonators during fiscal year 2025 together show how aggressively scammers are targeting the tax system — and how often small and medium businesses sit in their path.
