March 22, 2021 By David Bisson 2 min read

Many people are familiar with U.S. Internal Revenue Service (IRS) scam letters fishing for money around tax season. Now, a new form of IRS scam targets tax professionals in a virtual version of the fake IRS letter.

The IRS warned tax professionals to be on the lookout for a scam that attempts to steal a victim’s E-Filing Identification Number (EFIN). Attackers use a fake email to target tax preparers’ identities and their clients’ data. Then, if they do get the information, attackers can impersonate the tax preparer and file fraudulent tax returns to get refunds.

Read on to learn how this IRS scam works and how to stay safe this tax season:

New IRS Scam Targets EFINS

According to the IRS, the ruse began with a scam email. This email claimed to come from ‘IRS Tax E-Filing.’ The subject line reads ‘Verifying your EFIN before e-filing.’

The email informs the tax preparer that they need to send over some documents to verify authorized E-File personnel. It then asks for a copy of both their EFIN and driver’s license number. To add some urgency to the threat, the email says the IRS will disable the tax preparer’s E-Filing access if they don’t comply.

The IRS urged tax preparers to not follow any of the steps outlined in the email. The best thing to do is to delete the email and not respond in any way.
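
The indicators described above (IRS branding in the sender name and subject, a request for an EFIN and driver's license, and a threat to disable access) can be turned into a simple mail-triage check. The Python below is an added example, not code from the IRS or from this article; the trusted domain `irs.gov`, the finding names and the sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr

TRUSTED_DOMAIN = "irs.gov"  # assumption: genuine IRS mail comes from this domain
BRAND = re.compile(r"\birs\b|\befin\b|\be-?fil", re.I)
EFIN = re.compile(r"\befin\b", re.I)
LICENSE = re.compile(r"driver['’]?s?\s+licen[sc]e", re.I)
THREAT = re.compile(r"\b(disabl|suspend|deactivat)\w*", re.I)

def triage(raw):
    """Return the list of lure indicators found in one raw RFC 5322 message."""
    msg = message_from_string(raw, policy=policy.default)
    display, addr = parseaddr(str(msg.get("From", "")))
    domain = addr.rpartition("@")[2].lower()
    trusted = domain == TRUSTED_DOMAIN or domain.endswith("." + TRUSTED_DOMAIN)
    part = msg.get_body(preferencelist=("plain",))
    body = part.get_content() if part else ""

    findings = []
    # IRS wording in the display name or subject, but the address is not IRS.
    if BRAND.search(f"{display} {msg.get('Subject', '')}") and not trusted:
        findings.append("irs-branding-from-untrusted-domain")
    # The lure asks for both identifiers in the same message.
    if EFIN.search(body) and LICENSE.search(body):
        findings.append("requests-efin-and-license")
    # Urgency: a threat to cut off e-filing access.
    if THREAT.search(body):
        findings.append("threatens-access-loss")
    return findings

# Constructed sample modeled on the description above (not the real email).
SAMPLE = """\
From: "IRS Tax E-Filing" <notice@mail.example>
Subject: Verifying your EFIN before e-filing

To verify authorized e-file personnel, send a copy of your EFIN and your
driver's license. If you do not comply, your e-filing access will be disabled.
"""

if __name__ == "__main__":
    print(triage(SAMPLE))
```

A message that trips the branding check plus either of the other two is a reasonable candidate for quarantine and user reporting rather than delivery.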

Other Tax Scams

The IRS and other outlets have highlighted several other notable tax scams this season. In the beginning of February, for instance, the IRS warned taxpayers about the threat of ‘ghost’ tax return preparers who refuse to sign the returns they prepare. Tax preparers are required to sign each return that they prepare and include their Preparer Tax Identification Number.

According to the IRS, the absence of a signature could indicate that a tax preparer is engaged in dishonest activity. They could be promising large refunds and charging fees based on the size of those refunds, for instance.

Another tax-related scam used fake SMS-based text messages that appeared to come from Her Majesty’s Revenue and Customs (HMRC) to trick U.K. recipients into thinking they could get a tax rebate. The scam messages arrived with a link that, when clicked, sent the user to a web page made to look like a real U.K. government website.

The bogus website domain, along with multiple grammatical errors, gave away the web page as a fake. It linked to a page designed to steal visitors’ personal information, including their credit card details. After scooping up their information, it redirected victims to a real U.K. government page.

How to Stay Safe Against an IRS Scam

Organizations can defend themselves and their users against an IRS scam by investing in their email security defenses. One of the ways they can do this is by creating a security awareness training program and educating their workforce about some of the most common types of tax-based phishing emails and other scams that are in circulation.

To keep their employees aware of this IRS scam and similar attacks, organizations should test their employees on an ongoing basis. They should also use threat intelligence to stay on top of the newest tax scams.
