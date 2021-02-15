Scammers are impersonating the IRS to steal Electronic Filing Identification Numbers (EFINs), and the IRS has warned tax professionals that these cybercriminals are "very creative."
The scammers try to steal client data and tax preparers' identities so they can file fraudulent tax returns for refunds.
"Phishing scams are the most common tool used by identity thieves to trick tax professionals into disclosing sensitive information, and we often see increased activity during filing season," IRS Commissioner Chuck Rettig said in a statement.
"Tax professionals must remain vigilant. The scammers are very active and very creative."
The latest scam email says it is from "IRS Tax E-Filing" and carries the subject line "Verifying your EFIN before e-filing."
The IRS warns tax pros not to take any of the steps outlined in the email, especially responding to the email. The body of the bogus email begins:
In order to help protect both you and your clients from unauthorized/fraudulent activities, the IRS requires that you verify all authorized e-file originators prior to transmitting returns through our system. That means we need your EFIN (e-file identification number) verification and Driver's license before you e-file.
Please have a current PDF copy or image of your EFIN acceptance letter (5880C Letter dated within the last 12 months) or a copy of your IRS EFIN Application Summary, found at your e-Services account at IRS.gov, and Front and Back of Driver's License emailed in order to complete the verification process. Email: (fake email address)
Abhay Bhargav, CEO at cybersecurity firm we45, said the scam is “not uncommon.”
“During special events or at certain specific moments in time, phishers leverage that event as an opportunity to financially cash in on the event,” Bhargav said via email. “In this case, clearly the objective is to deploy malware on the tax preparer's machines and cause some data exfiltration over time. This is valuable data, from an attacker's perspective.”
Tax professionals who received the scam should save the email as a file and then send it as an attachment to phishing@irs.gov, the IRS states. They also should notify the Treasury Inspector General for Tax Administration at tigta.gov to report the IRS impersonation scam. Both TIGTA and the IRS Criminal Investigation division are aware of the scam.
Like all phishing email scams, it attempts to bait the receiver to take action (opening a link or attachment) with a consequence for failing to do so (disabling the account). The links or attachment may be set up to steal information or to download malware onto the tax professional's computer.
Tax professionals also should be aware of other common phishing scams that seek EFINs, Preparer Tax Identification Numbers (PTINs) or e-Services usernames and passwords.
Some thieves also pose as potential clients, an especially effective scam currently because there are so many remote transactions during the pandemic. The thief may interact repeatedly with a tax professional and then send an email with an attachment that claims to be their tax information.
For more information and help, review Publication 4557, Safeguarding Taxpayer Data PDF and Identity Theft Information for Tax Professionals.