• Microsoft Threat Intelligence reported an uptick in tax-themed email campaigns in the United States as April 15 approaches, using lures such as refund notices, payroll forms, filing reminders, and requests from tax professionals.
• Observed activity included credential-harvesting phishing and malware delivery, with some campaigns targeting accountants and tax preparers who handle sensitive documents and financial data.
• One IRS-impersonation campaign targeted more than 29,000 users across 10,000 organizations, with 95% of targets located in the United States.
• Microsoft noted continued abuse of legitimate remote monitoring and management tools in these campaigns, including ScreenConnect, SimpleHelp, and Datto, to enable remote access after compromise.

Disclaimer: This news brief was created by Public Technologies (PUBT) using generative artificial intelligence. While PUBT strives to provide accurate and timely information, this AI-generated content is for informational purposes only and should not be interpreted as financial, investment, or legal advice. Microsoft Corporation published the original content used to generate this news brief on March 19, 2026, and is solely responsible for the information contained therein.