Financial Trojans: This type of attack uses names of popular tax-prep programs like Turbotax. Haley said targets receive an email with an attachment disguised as an important tax document from Turbotax.
"In most cases, the attachment looks like a spreadsheet or a document file," he said.
If you open it, itlaunches malware on to your computer or phone. Once it's installed, the malware allows scammers to steal login information and bank account credentials.
Tax-themed phishing scams: Haley said these scams use HTML files that capture personal data and company information and then send it to a server controlled by the cybercrooks.
In its annual list of "Dirty Dozen" tax scams, the IRS highlighted this particular attack, which is carried out through a fraudulent email or website.
The IRS emphasized that it never uses email to request personal or financial information.
IRS-disguised ramsonware: This attack mimics a Cryptolocker threat, meaning the virus seizes control of your computer files and threatens to erase them unless you pay a ransom.
During tax season, Haley said the Cryptolocker virus is disguised in an email that purports to have important tax-related information.
"This is a particularly vicious attack," he said. "It will not only lock your personal files but also encrypt them and hold them for ransom."
Some businesses feel they have no choice but to pay, he said.
Want to outsmart the cybercriminals? Regularly back up important files or encrypt sensitive data, Haley said.
There are other steps small businesses can take to protect themselves from cyberscams.
Good security software is a must, said Haley, as is password protection. Just don't use the same password everywhere! Also, be very careful about clicking on links in an email.
Finally: "Be suspicious," Haley said. "Scammers are quite good at making emails and links look legitimate. Know that the email 'from' the IRS will never be from the IRS."