Microsoft Finds Tax-Season Phishing Campaigns Targeting Professionals

Microsoft Threat Intelligence identified multiple tax-themed phishing campaigns in January–February 2026 that targeted US organizations and professionals with hundreds to several thousand emails. Attackers used PhaaS kits (Energy365, SneakyLog), personalized attachments and QR codes, and abused legitimate RMM tools like ScreenConnect and SimpleHelp to harvest credentials or deliver malware. Microsoft recommends user education, email security hardening, and monitoring for abused RMMs to mitigate these seasonal threats.
Key Points
- 1Use Energy365 and SneakyLog phishing kits to send tax-themed emails to US organizations in Feb 2026
- 2Exploit seasonal urgency and personalization, enabling high credential theft, MFA bypass, and targeted malware delivery
- 3Advise stronger email security, user training, MFA protections, and monitoring for abused RMM tools like ScreenConnect
Scoring Rationale
Official Microsoft findings and actionable defenses increase impact; coverage is timely but largely limited to US tax-season campaigns.
Sources
Public references used for this report.
Practice interview problems based on real data
1,625 SQL & Python problems across 15 industry datasets — the exact type of data you work with.
Try 250 free problems

