Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!
CybersecuritySecurity NewswireCybersecurity News

IRS issues urgent EFIN scam alert to tax professionals

tax scam
February 17, 2021

The Internal Revenue Service, state tax agencies and tax industry warned tax professionals of a new scam email that impersonates the IRS and attempts to steal Electronic Filing Identification Numbers (EFINs).

The Security Summit partners said the latest scheme, arriving just before the start of the nation's tax season, should serve as another reminder that tax professionals remain prime targets for identity thieves. These thieves try to steal client data and tax preparers' identities that will allow them to file fraudulent tax returns for refunds.

"Phishing scams are the most common tool used by identity thieves to trick tax professionals into disclosing sensitive information, and we often see increased activity during filing season," said IRS Commissioner Chuck Rettig. "Tax professionals must remain vigilant. The scammers are very active and very creative."

The latest scam email says it is from "IRS Tax E-Filing" and carries the subject line "Verifying your EFIN before e-filing."

The IRS warns tax pros not to take any of the steps outlined in the email, especially responding to the email. The body of the bogus email states:

In order to help protect both you and your clients from unauthorized/fraudulent activities, the IRS requires that you verify all authorized e-file originators prior to transmitting returns through our system. That means we need your EFIN (e-file identification number) verification and Driver's license before you e-file.

Please have a current PDF copy or image of your EFIN acceptance letter (5880C Letter dated within the last 12 months) or a copy of your IRS EFIN Application Summary, found at your e-Services account at IRS.gov, and Front and Back of Driver's License emailed in order to complete the verification process. Email: (fake email address)

If your EFIN is not verified by our system, your ability to e-file will be disabled until you provide documentation showing your credentials are in good standing to e-file with the IRS.

© 2021 EFILE. All rights reserved. Trademarks

2800 E. Commerce Center Place, Tucson, AZ 85706

 

Tom Pendergast, Chief Learning Officer at MediaPro, a Seattle, Washington-based provider of cybersecurity and privacy education, says, “What’s worse than a scammer going after an individual tax filer? One who goes after tax filing professionals, hoping to gain access to the bank accounts of many more Americans keyed up about paying taxes in a difficult financial climate. That’s why tax filers have to be doubly skeptical of any attempted contact related to tax IDs.

"The good thing is, the core advice for taxpayers and tax filers alike is: never respond directly to emails or phone calls requesting information or providing links—instead, use known access sites or contact methods to conduct business; establish a trusted relationship with government agencies that require a unique password and multi-factor authentication; report suspected phishing attempts to the appropriate agency.”

Hank Schless, Senior Manager, Security Solutions at Lookout, a San Francisco, Calif.-based provider of mobile security solutions, notes, “Tax season is something malicious actors use to their advantage every single year. We most often hear about phishing campaigns that target consumers, but now we’re seeing more attacks like this one focusing on tax professionals. By targeting tax firms, an attacker could gain access to highly sensitive tax data such as social security numbers and bank account information for that firm’s entire customer base. People access their work email on a smartphone or tablet just as much as they do on a computer. Attackers know this and are creating phishing campaigns like this to take advantage of the mobile interface that makes it hard to spot a malicious message. Unless you tap into the sender name, mobile email clients only display the sender name and not the reply-to address

Schless adds, "Social engineering attacks are more difficult to spot on mobile. They’re also easier to deliver, as there are countless ways to send messages on a mobile device. For example, SMS messages have less stringent spam filtering and social media platforms allow attackers to build convincing profiles to distribute malicious content. According to Lookout data, about 15% of financial services employees encountered a mobile phishing attempt each quarter in 2020. The best first-line defense against an attack like this is training. Be sure to constantly run security training and include mobile in those sessions. Simple steps like always checking the sender’s reply-to address or asking IT before replying to a message could save your organization from being the victim of the next big data breach. Any text, email, WhatsApp message, or any communication that creates a time-sensitive situation should be a red flag. Approach these messages with extreme caution or go straight to your IT and security teams to have them vet it first. Communication from the IRS and other tax agencies traditionally comes through the mail. Even then, you should be sure to validate any communication you receive.”

Chris Morales, head of security analytics at Vectra, a San Jose, Calif.-based provider of technology which applies AI to detect and hunt for cyber attackers, says, “Identity theft is the biggest concern with filing taxes. This means that someone files taxes on your behalf and receives your tax refund. Your claim would be rejected leaving you to contend with proving your identity to the IRS and hoping to get your refund someone else already collected. Normally the recommendation is to not share personal information or sensitive data like social security numbers, however, because of major hacks we have seen in the past, this information may well already be on the dark web for sale to anyone who wants it. The second risk is phishing where someone were to call or email you and demand a payment with the hopes that you provided bank account or credit card information. The IRS would never call or email directly requesting a payment or would it ask for personal information online. It is best to always ignore all of these calls and reach out  to the IRS directly if there are any questions.

"The final risk is malware attacks from email attachments that can compromise your local system to gain access to sensitive information. The IRS would never send an email with an attachment and all of these should be ignored. It is best to reach out to organizations, like the IRS, directly if there are any questions. A risk is malware attacks from links and attachments that can compromise your local system to gain access to sensitive information.”

Joseph Carson, chief security scientist at Thycotic, a Washington D.C. based provider of privileged access management (PAM) solutions, explains, “The reason why consumers still fall for tax scams is quite simple: the emails are so authentic looking it is difficult for consumers to tell the difference from the real thing. These scams are so widespread because they work and it is easy money for cybercriminals. If you have a large target list, and many of the victims are unable to tell the difference between a scam and the authentic notices, then even if a small number of people fall for such a scam, it is still extremely profitable for the cybercriminals. Cybercriminals use a lack of good cyber hygiene, fear of breaking the law and financial penalties if unpaid, as scare tactics which continue to prove effective. There are many ways to stop these scams from being successful. The quickest is to develop better cyber security hygiene by educating consumers on ways to detect email scams. Another way to stop and prevent such scams is to use a good email spam filter that will help ensure such email scams do not make it to the email inbox. If an email does make it into the inbox, then go to the website and call the number to check if it is authentic and do not call the number if provided within the email as, most likely, it is fake also. Check the email sender address and not the display name. Check the email for spelling mistakes. Check any hyperlink addresses by hovering over them to see where they send you. However, do not click on the links. Also check your personal details for accuracy. These simple tips can help avoid a potential cybersecurity nightmare.”

Abhay Bhargav, CEO at we45, notes, “This is not uncommon, as a standard seasonal phishing attack. During special events or at certain specific moments in time, phishers leverage that event as an opportunity to financially cash in on the event. In this case, clearly the objective is to deploy malware on the tax preparer's machines and cause some data exfiltration over time. This is valuable data, from an attacker's perspective. By compromising Tax Filing professionals, there could be several possible outcomes including:

·      Highly confidential detail of the tax preparer's clients and their personal and financial information

·      Access to Banking Information and possibly credit card information of the clients”

KEYWORDS: cyber security IRS phishing tax fraud

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • Security's Top Cybersecurity Leaders 2024

    Security's Top Cybersecurity Leaders 2024

    Security magazine's Top Cybersecurity Leaders 2024 award...
    Security Leadership and Management
    By: Security Staff
  • cyber brain

    The intersection of cybersecurity and artificial intelligence

    Artificial intelligence (AI) is a valuable cybersecurity...
    Security Enterprise Services
    By: Pam Nigro
  • artificial intelligence AI graphic

    Assessing the pros and cons of AI for cybersecurity

    Artificial intelligence (AI) has significant implications...
    New Security Technology
    By: Charles Denyer
Manage My Account
  • Security eNewsletter & Other eNews Alerts
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

More Videos

Sponsored Content

Sponsored Content is a special paid section where industry companies provide high quality, objective, non-commercial content around topics of interest to the Security audience. All Sponsored Content is supplied by the advertising company and any opinions expressed in this article are those of the author and not necessarily reflect the views of Security or its parent company, BNP Media. Interested in participating in our Sponsored Content section? Contact your local rep!

close
  • Sureview screen
    Sponsored bySureView Systems

    The Evolution of Automation in the Command Center

  • Crisis Response Team
    Sponsored byEverbridge

    Automate or Fall Behind – Crisis Response at the Speed of Risk

  • Perimeter security
    Sponsored byAMAROK

    Why Property Security is the New Competitive Advantage

Popular Stories

Rendered computer with keyboard

16B Login Credentials Exposed in World’s Largest Data Breach

Verizon on phone screen

61M Records Listed for Sale Online, Allegedly Belong to Verizon

Security’s 2025 Women in Security

Security’s 2025 Women in Security

Red spiderweb

From Retail to Insurance, Scattered Spider Changes Targets

blurry multicolored text on black screen

PowerSchool Education Technology Company Announces Data Breach

Events

August 7, 2025

Threats to the Energy Sector: Implications for Corporate and National Security

The energy sector has found itself in the crosshairs of virtually every bad actor on the global stage.

August 27, 2025

Risk Mitigation as a Competitive Edge

In today’s volatile environment, a robust risk management strategy isn’t just a requirement—it’s a foundation for organizational resilience. From cyber threats to climate disruptions, the ability to anticipate, withstand, and adapt to disruption is becoming a hallmark of industry leaders.

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products

Related Articles

  • Security newswire default

    IRS Reports Major Drop in Identity Theft, Fraudulent Tax Refunds

    See More
  • scam alert

    IRS warns university students and staff of email scam

    See More
  • Sen. Grassley Seeks Accounting of Treasury, IRS' Use of Whistleblower Information on Potential Tax Evasion

    See More

Related Products

See More Products
  • into to sec.jpg

    Introduction to Security, 10th Edition

  • The-Complete-Guide-to-Physi.gif

    The Complete Guide to Physical Security

  • physical security.webp

    Physical Security Assessment Handbook An Insider’s Guide to Securing a Business

See More Products
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • eNewsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2025. All Rights Reserved BNP Media.

Design, CMS, Hosting & Web Development :: ePublishing