Tax professionals and their clients will face increasingly sophisticated AI-driven fraud schemes during the upcoming tax filing season. However, one cybersecurity expert says “help is on the way” with the advent of mobile driver’s licenses – which could provide for more secure online identity verification in the near future.
AI-Driven Fraud Schemes on the Rise
The explosion of AI technology has made it simple for fraudsters to create highly convincing fake content at scale, said Peter Horadan, CEO of the AI-powered identity verification solutions company Vouched. Horadan told Checkpoint that AI can scrape publicly available information or data from breaches to craft weaponized and personalized emails, text messages, and even voicemails.
He pointed to the data breach tracking site haveibeenpwned.com, which tracks over 17 billion leaked records, as evidence that enough personal information is available on nearly every individual to create a believable fake narrative.
“We’re at a point today where the tooling to make AI fakes, either of emails, audio, or audio and video, are starting to become so compelling that it’s starting to fool a lot of people,” Horadan said. “I don’t think we’ve really built up a lot of good defenses with AI yet,” he added. “I think there’s a lot of unsuspecting people who don’t yet realize just how strong these attacks are going to be.”
Red Flags for Tax Practitioners
Horadan explained that the tax filing season creates a perfect storm of chaos and urgency, which can cause practitioners and clients to let their guard down. He advised that intuition remains a powerful defense – if a client communication “sounds off,” he recommends looking at it closely.
Among the key red flags to watch for are an unusual sense of urgency that is out of character for the client or requests for sensitive information. Horadan also urged caution with new or unexpected communication channels, such as a text message when you normally use email, or an email from a different address.
“It’s worth it to verify using some other channel,” Horadan said. “The simplest thing to do is just call your client and say, ‘Was this you?’ and have a voice conversation.” When doing so, practitioners should look up the client’s number independently rather than using a number provided in a suspicious email or text.
Advising Clients on Fraud Prevention
Tax practitioners can protect their clients by proactively educating them about fraud risks. Horadan recommends practitioners clearly define how they will communicate with clients and what information they will and will not ask for. This helps clients recognize social engineering, a technique where a fraudster impersonates a trusted individual to manipulate a victim into sharing confidential information such as passwords.
“I would tell your clients, ‘These are the ways I will contact you, and I will never contact you in these other ways,'” Horadan suggested. For example, practitioners may want to warn clients that they will never reach out by text message or ask for bank passcodes. And he recommends telling clients that “when something doesn’t seem right, give a double check” – and call the tax practitioner’s office to verify.
Horadan also cautioned against the use of new AI agents that can complete tasks online – such as filing taxes – after being supplied with usernames and passwords. While some agents are offered by reputable firms, sharing this data opens up users to fraud risk, he explained. That includes not only potential data breaches at the AI company but also from legal proceedings. Horadan cited the New York Times lawsuit against OpenAI, which gave the newspaper the ability to subpoena user chats, potentially exposing private data.
The Future of Identity Verification
While vigilance is the best defense today, Horadan said that a more robust technological solution is on the horizon – mobile driver’s licenses. He described these as a new form of digital identification stored on a mobile phone that, unlike a physical ID, cannot be counterfeited once issued by a state.
According to Horadan, approximately 10 states are already issuing mobile driver’s licenses, with 19 total having announced plans. He estimates that about 8% of adults in the U.S. currently have a mobile driver’s license.
But Horadan predicts that we’ll reach a “tipping point” within 12 – 24 months where more adults in the U.S. have a mobile driver’s licenses than not. This could dramatically change online identity verification procedures.
Now, companies use techniques like “sending six digits to your cell phone or asking you which address you lived at five years ago,” said Horadan. Once more people have mobile driver’s licenses, he predicts that “all password resets will require you to show your ID, just like we would in the real world.” He called such a shift “a very powerful solution” to fight fraud.
And practitioners should anticipate that tax preparation software will integrate mobile driver’s licenses for identify verification in the near future, said Horadan. He explained that even small CPA firms will likely be able to harness this technology through their existing tax software, which will handle the integration.
However, this filing season, practitioners will still need to focus on low-tech defenses – verifying unexpected requests through a separate, known communication channel and educating clients on the risks of AI-powered scams.
Take your tax and accounting research to the next level with Checkpoint Edge and CoCounsel. Get instant access to AI-assisted research, expert-approved answers, and cutting-edge tools like Advisory Maps and State Charts. Try it today and transform the way you work! Subscribe now and discover a smarter way to find answers.
