IRS Warns Tax Professionals of EFIN ScamFebruary 25, 2021
Did you receive a suspicious email about your electronic filing identification numbers (EFINs)? Don’t open it! Here’s what you should know.
Attention tax professionals…the IRS is warning filers of a new email scam that impersonates the IRS and attempts to compromise Electronic Filing Identification Numbers (EFINs). Here’s how you can remain vigilant against identity thieves.
What’s the scam?
The scam comes in the form of an email from “IRS Tax E-Filing” with subject line: “Verifying your EFIN before e-filing”.
The body of the email reads:
“In order to help protect both you and your clients from unauthorized/fraudulent activities, the IRS requires that you verify all authorized e-file originators prior to transmitting returns through our system. That means we need your EFIN (e-file identification number) verification and Driver’s license before you e-file.
Please have a current PDF or image of your EFIN acceptance letter (5880C Letter dated within the last 12 months) or a copy of your IRS EFIN Application Summary, found at your e-services account at IRS.gov, and Front and Back of Driver’s License emailed in order to complete the verification process. [Fake Email Address]
If your EFIN is not verified by our system, your ability to e-file will be disabled until you provide documentation showing your credentials are in good standing to e-file with the IRS.”
What should I do if I get the email?
The Security Summit says recipients should not take any of the steps outlined in the email and should not respond. Instead, tax professionals who received the email should save it as a file and send it as an attachment to email@example.com . It’s also wise to notify the Treasury Inspector General for Tax Administration at www.tigta.gov to report the IRS impersonation scam.
Another scam—criminals posing as clients
Also be aware that, due to the increase in remote transactions due to the COVID-19 pandemic, some thieves are posing as potential clients. Be wary of any email with an attachment that claims to be tax information from a “new client”. The attachment link likely contains malware that allows the criminal to access passwords or take control of your entire system.
Quick Tips—spotting a phishing scam
- Check the reply email- is it a slight variation of the company or employee name?
- Hover over the links—Make sure a link points to the correct domain, not a slight variation. Scammers are sneaky—check every letter!
- Exercise caution if you receive an email from someone who usually only contacts you by phone—it could be a scam artist!
- Watch out for generic emails containing little or no specific information about your business.
- Be sure to keep an eye on your credit and note any unusual changes.
Make sure you’re always on guard when it comes to cybersecurity! If an email looks suspicious, it probably is!
Even if an email does not contain any of these common phishing indicators, always be on guard, and check with your technology people before opening or clicking links if you are even a little bit suspicious.
Questions? We can help.