PULSE NAME
When tax season becomes cyberattack season: Phishing and malware campaigns using tax-related lures
TLP: WHITE | AlienVault | 2026-03-19 | Modified: 2026-03-20
9 IOCs | LOW VOLUME
During tax season, threat actors exploit the urgency of time-sensitive tax-related emails to trick targets into opening malicious attachments, scanning QR codes, or following link chains. Recent campaigns identified by Microsoft Threat Intelligence use lures around W-2 forms, tax forms, and impersonation of government tax agencies and financial institutions. These campaigns aim to harvest credentials or deliver malware, often using phishing-as-a-service platforms for convincing credential theft and MFA bypass. Notable tactics include using legitimate remote monitoring tools, targeting specific industries and roles like accountants, and employing sophisticated social engineering techniques. The campaigns leverage various file formats, legitimate infrastructure, and multiple user interactions to complicate detection.
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
MALWARE FAMILIES: ScreenConnect, SimpleHelp, Datto
Indicators of Compromise (9)