The Internal Revenue Service (IRS) has warned US tax professionals of identity thieves actively targeting them in a series of phishing attacks attempting to steal Electronic Filing Identification Numbers (EFINs).
Scammers started this ongoing phishing campaign right before the US tax season with the end goal of stealing both client data and tax preparers’ identities.
The phishing emails ask tax preparers to email copies of their “EFIN (e-file identification number) verification and Driver’s license” as part of a bogus verification process.
To convince potential victims to hand over their info, the attackers threaten that the account they use to file tax documents electronically will be disabled.
Once they get their hands on this information, the fraudsters will be able to illegally file tax returns for refunds by impersonating the targeted professionals.
The attackers’ emails use IRS Tax E-Filing as the sender name, a “Verifying your EFIN before e-filing” subject line, and have the following content:
In order to help protect both you and your clients from unauthorized/fraudulent activities, the IRS requires that you verify all authorized e-file originators prior to transmitting returns through our system. That means we need your EFIN (e-file identification number) verification and Driver's license before you e-file.
Please have a current PDF copy or image of your EFIN acceptance letter (5880C Letter dated within the last 12 months) or a copy of your IRS EFIN Application Summary, found at your e-Services account at IRS.gov, and Front and Back of Driver's License emailed in order to complete the verification process. Email: (fake email address)
If your EFIN is not verified by our system, your ability to e-file will be disabled until you provide documentation showing your credentials are in good standing to e-file with the IRS.
© 2021 EFILE. All rights reserved. Trademarks
2800 E. Commerce Center Place, Tucson, AZ 85706
“Tax professionals also should be aware of other common phishing scams that seek EFINs, Preparer Tax Identification Numbers (PTINs) or e-Services usernames and passwords,” the IRS added.
“Some thieves also pose as potential clients, an especially effective scam currently because there are so many remote transactions during the pandemic.
“The thief may interact repeatedly with a tax professional and then send an email with an attachment that claims to be their tax information.”
Links or attachments bundled with these phishing messages may also be used by the attackers to infect the targets’ computers with malware that could steal their information.
Tax pros targeted by this ongoing phishing campaign are advised not to respond to such emails and to send the emails (as file attachments) to phishing@irs.gov.
The IRS impersonation scam should also be reported to the Treasury Inspector General for Tax Administration for further investigation by the IRS Criminal Investigation division.
In November 2020, aggressive scammers impersonated the IRS in e-mails threatening targets with legal charges and arrest warrants unless they paid fabricated outstanding amounts related to missed or late payments.
Source: https://www.bleepingcomputer.com/news/security/scammers-target-us-tax-pros-in-ongoing-irs-phishing-attacks/?&web_view=true