Phishing campaigns are targeting the U.S. tax season with realistic phishing emails and malicious attachments. These emails are used to install malware on victim’s computers or convince them to submit sensitive informaton on servers that are under attacker’s control. Phishers take advantage of this by creating realistic web pages that impersonate the IRS in order to collect login and personal information from tax payers. In January 2019, ProofPoint observed a campaign targeting accounting firms that pretended to be an email from a fictitious taxpayer named Timothy. This email contained numerous fake documents such as a W-2 form, a 1099-R, and a mortgage interest 1098 form.
Source: https://www.bleepingcomputer.com/news/security/realistic-phishing-attacks-take-advantage-of-us-tax-season/