FEATURED WEBINAR
Death, Taxes, and Phish: Seasonality in threats and awareness campaigns
April 30, 2026
11 AM CDT (12 PM New York) | 11 AM EEST (9 AM UK)
"Tax season is over, but attackers are still collecting"
Petri Kuivala
CISO Advisor
David Badanes
Human Risk Management Advisor
.avif)
Eliot Baker
Director of Content Marketing
Watch the video
.png)
📅 April 30th @ 11 AM CDT (Chicago)| EEST (Helsinki)
A tax-themed phishing surge with lasting, global implicaitons
Join Petri Kuivala and David Badanes for a practical discussion of the largest tax-themed phishing surge observed in Hoxhunt data—and what security leaders can do now to predict and prepare for other phishing campaigns. We are releasing a research report on these findings the day of the webinar.
Tax season ends, but attackers keep collecting
Hoxhunt threat intelligence identified an unprecedented increase in U.S. tax authority impersonation campaigns compared to the baseline from the previous two years. This is the largest tax-themed phishing surge observed in Hoxhunt’s dataset, and it could represent a rare, recurring seasonal attack campaign.
These attacks were not limited to consumer inboxes. They targeted employee work accounts, often impersonating legitimate tax authorities and administrative workflows.
The risk likely does not end in Spring.
In the United States, September and October extension deadlines recreate many of the same high-risk conditions—including deadline pressure, administrative messaging, and the exchange of sensitive data.
There are similar deadlines across Europe and Asia that contain overlap between people's personal lives and professional workflows. As Petri and David will discuss, attackers like pinning social engineering campaigns to recurring events that contain heightened stress, emotions, and the exchange of personal information.
For security leaders, this creates a clear opportunity:
Align awareness and defenses to seasonal risk—not just compliance schedules.
Why this matters to everyone, everywhere, today
The spring 2026 tax phish surge provides an example of how attackers scale tactics that prove effective. That includes recurring, seasonal attack campaigns.
When campaign volumes increase dramatically, it typically indicates successful outcomes—whether credential theft, financial compromise, or data exposure.
Understanding how these campaigns work—and when they are most likely to occur—helps organizations design security programs that reflect real operational risk.
This webinar highlights the need to close the loop between real reported threats and targeted security awareness campaigns. Seasonal attacks demand seasonal training.
Why join this webinar?
🎯 Understand the 2026 tax phishing surge
Learn how tax authority impersonation campaigns increased dramatically, and what made them effective inside corporate environments.
📊 See real examples of tax-themed phishing campaigns
Review representative messages observed during the spring 2026 spike and understand how attackers structure realistic administrative lures.
🧠 Learn how to build seasonal awareness strategies
Discover how security teams can align training with operational deadlines—especially during U.S. October extension periods.
📅 Turn Cybersecurity Awareness Month into a strategic defense window
Explore how tax-themed simulations and messaging can strengthen October training programs.
🔐 Strengthen verification habits and reporting culture
Learn practical methods for reducing successful impersonation attempts through behavioral reinforcement.
Meanwhile, if you haven't already, check out the Hoxhunt 2026 Phishing Trends Report for an overview of the latest stats, trends, and attacks targeting employees—and how security leaders are staying safe.
Speakers
Petri Kuivala
CISO Advisor
Petri has been a world-class CISO since the dawn of Nokia's mobile industry dominance.
David Badanes
Human Risk Management Advisor
David is an experienced CISO-level leader of global enterprise-scale security awareness and human risk management programs.
Eliot Baker
Director of Content Marketing
Eliot has an extensive background in science, journalism, and cybersecurity
Subscribe to All Things Human Risk
Subscribe to our newsletter for a curated digest of the latest news, articles, and resources on human risk and the ever-changing landscape of phishing threats.
FEATURED WEBINAR
Death, Taxes, and Phish: Seasonality in threats and awareness campaigns
"Tax season is over, but attackers are still collecting"
📅 April 30th @ 11 AM CDT (Chicago)| EEST (Helsinki)
A tax-themed phishing surge with lasting, global implicaitons
Join Petri Kuivala and David Badanes for a practical discussion of the largest tax-themed phishing surge observed in Hoxhunt data—and what security leaders can do now to predict and prepare for other phishing campaigns. We are releasing a research report on these findings the day of the webinar.
Tax season ends, but attackers keep collecting
Hoxhunt threat intelligence identified an unprecedented increase in U.S. tax authority impersonation campaigns compared to the baseline from the previous two years. This is the largest tax-themed phishing surge observed in Hoxhunt’s dataset, and it could represent a rare, recurring seasonal attack campaign.
These attacks were not limited to consumer inboxes. They targeted employee work accounts, often impersonating legitimate tax authorities and administrative workflows.
The risk likely does not end in Spring.
In the United States, September and October extension deadlines recreate many of the same high-risk conditions—including deadline pressure, administrative messaging, and the exchange of sensitive data.
There are similar deadlines across Europe and Asia that contain overlap between people's personal lives and professional workflows. As Petri and David will discuss, attackers like pinning social engineering campaigns to recurring events that contain heightened stress, emotions, and the exchange of personal information.
For security leaders, this creates a clear opportunity:
Align awareness and defenses to seasonal risk—not just compliance schedules.
Why this matters to everyone, everywhere, today
The spring 2026 tax phish surge provides an example of how attackers scale tactics that prove effective. That includes recurring, seasonal attack campaigns.
When campaign volumes increase dramatically, it typically indicates successful outcomes—whether credential theft, financial compromise, or data exposure.
Understanding how these campaigns work—and when they are most likely to occur—helps organizations design security programs that reflect real operational risk.
This webinar highlights the need to close the loop between real reported threats and targeted security awareness campaigns. Seasonal attacks demand seasonal training.
Why join this webinar?
🎯 Understand the 2026 tax phishing surge
Learn how tax authority impersonation campaigns increased dramatically, and what made them effective inside corporate environments.
📊 See real examples of tax-themed phishing campaigns
Review representative messages observed during the spring 2026 spike and understand how attackers structure realistic administrative lures.
🧠 Learn how to build seasonal awareness strategies
Discover how security teams can align training with operational deadlines—especially during U.S. October extension periods.
📅 Turn Cybersecurity Awareness Month into a strategic defense window
Explore how tax-themed simulations and messaging can strengthen October training programs.
🔐 Strengthen verification habits and reporting culture
Learn practical methods for reducing successful impersonation attempts through behavioral reinforcement.
Meanwhile, if you haven't already, check out the Hoxhunt 2026 Phishing Trends Report for an overview of the latest stats, trends, and attacks targeting employees—and how security leaders are staying safe.
Speakers
Petri Kuivala
CISO Advisor
Petri has been a world-class CISO since the dawn of Nokia's mobile industry dominance.
David Badanes
Human Risk Management Advisor
David is an experienced CISO-level leader of global enterprise-scale security awareness and human risk management programs.
Eliot Baker
Director of Content Marketing
Eliot has an extensive background in science, journalism, and cybersecurity
.webp)
