Proofpoint researchers have identified an increase in campaigns and malicious domains impersonating tax agencies and financial organizations. This aligns with the annual increase in tax-related content observed from December through April. Phishing lures impersonate government agencies and financial services organizations involved in tax filing. Campaigns targeting the UK, US, Switzerland, and Australia have been observed, using various tactics such as credential harvesting, fraudulent payment requests, and malware delivery. Threat actors exploit tax themes to make their lures more convincing, especially during filing seasons. Organizations are advised to educate users about common techniques and lures used by attackers.