Light Dark
March 22, 2021 By David Bisson 2 min read
News

Many people are familiar with U.S. Internal Revenue Service (IRS) scam letters fishing for money around tax season. Now, a new form of IRS scam targets tax professionals in a virtual version of the fake IRS letter.

The IRS warned tax professionals to be on the lookout for a scam that attempts to steal a victim’s E-Filing Identification Number (EFIN). Attackers use a fake email to target tax preparers’ identities and their clients’ data. Then, if they do get the information, attackers can impersonate the tax preparer and file fraudulent tax returns to get refunds.

Read on to learn how this IRS scam works and how to stay safe this tax season:

New IRS Scam Targets EFINS

According to the IRS, the ruse began with a scam email. This email claimed to come from ‘IRS Tax E-Filing.’ The subject line reads ‘Verifying your EFIN before e-filing.’

The email informs the tax preparer that they need to send over some documents to verify authorized E-File personnel. It then asks for a copy of both their EFIN and driver’s license number. To add some urgency to the threat, the email says the IRS will disable the tax preparer’s E-Filing access if they don’t comply.

The IRS urged tax preparers to not follow any of the steps outlined in the email. The best thing to do is to delete the email and not respond in any way.

Other Tax Scams

The IRS and other outlets have highlighted several other notable tax scams this season. In the beginning of February, for instance, the IRS warned taxpayers about the threat of ‘ghost’ tax return preparers who refuse to sign people’s returns that they prepare. Tax preparers are required to sign each return that they prepare and include their Preparer Tax Identification Number.

According to the IRS, the absence of a signature could indicate that a tax preparer is engaged in dishonest activity. They could be promising large refunds and charging fees based on the size of those refunds, for instance.

Another tax-related scam used fake SMS-based text messages that appeared to come from Her Majesty’s Revenue and Customs (HMRC) to trick U.K. recipients into thinking they could get a tax rebate. The scam messages arrived with a link that, when clicked, sent the user to a web page made to look like a real U.K. government website.

The bogus website domain, along with multiple grammatical errors, gave away the web page as a fake. It linked to a page designed to steal visitors’ personal information, including their credit card details. After scooping up their information it redirected victims to a real U.K. government page.

How to Stay Safe Against an IRS Scam

Organizations can defend themselves and their users against an IRS scam by investing in their email security defenses. One of the ways they can do this is by creating a security awareness training program and educating their workforce about some of the most common types of tax-based phishing emails and other scams that are in circulation.

To keep their employees aware of this IRS scam and similar attacks, organizations should test their employees on an ongoing basis. They should also use threat intelligence to stay on top of the newest tax scams.

 |  |  |  |  | 
David Bisson
Contributing Editor

More from News
December 23, 2024

FYSA – Adobe Cold Fusion Path Traversal Vulnerability

2 min read - Summary Adobe has released a security bulletin (APSB24-107) addressing an arbitrary file system read vulnerability in ColdFusion, a web application server. The vulnerability, identified as CVE-2024-53961, can be exploited to read arbitrary files on the system, potentially leading to unauthorized access and data exposure. Threat Topography Threat Type: Arbitrary File System Read Industries Impacted: Technology, Software, and Web Development Geolocation: Global Environment Impact: Web servers running ColdFusion 2021 and 2023 are vulnerable Overview X-Force Incident Command is monitoring the disclosure…

November 18, 2024

Research finds 56% increase in active ransomware groups

4 min read - Any good news is welcomed when evaluating cyber crime trends year-over-year. Over the last two years, IBM’s Threat Index Reports have provided some minor reprieve in this area by showing a gradual decline in the prevalence of ransomware attacks — now accounting for only 17% of all cybersecurity incidents compared to 21% in 2021. Unfortunately, it’s too early to know if this trendline will continue. A recent report released by Searchlight Cyber shows that there has been a 56% increase in…

November 4, 2024

Cyberattack on American Water: A warning to critical infrastructure

3 min read - American Water, the largest publicly traded United States water and wastewater utility, recently experienced a cybersecurity incident that forced the company to disconnect key systems, including its customer billing platform. As the company’s investigation continues, there are growing concerns about the vulnerabilities that persist in the water sector, which has increasingly become a target for cyberattacks. The breach is a stark reminder of the critical infrastructure risks that have long plagued the industry. While the water utility has confirmed that…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2025 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature