The Inner Earnings Provider has issued an urgent warning to tax pros above a new rip-off in which cyber-criminals impersonate the IRS over email in an attempt to steal Electronic Filing Identification Numbers (EFINs).
Carrying the subject line “Verifying your EFIN in advance of e-filing,” the scam email purports to be from “IRS Tax E-Submitting.”
In the physique of the bogus email, targets are asked to ship an EFIN acceptance letter dated inside the past 12 months and scans of the entrance and reverse of their driver’s license to a bogus email tackle in purchase for their EFIN to be confirmed.
Burglars who received the EFIN and driving license facts of a tax experienced could use it to impersonate that skilled and file fraudulent returns.
“Phishing cons are the most prevalent tool utilised by identity burglars to trick tax gurus into disclosing sensitive info, and we normally see enhanced action during filing time,” mentioned IRS commissioner Chuck Rettig.
“Tax pros need to continue to be vigilant. The scammers are quite energetic and quite inventive.”
In an alert jointly issued February 10 by the IRS, state tax companies, and the tax field, tax specialists who acquire this individual fraud email are questioned to preserve it as a file and send out it as an attachment to [email protected]
Tax pros were also warned to be on the lookout for other popular phishing cons that request their EFINs, Preparer Tax Identification Quantities (PTINs), or e-Companies usernames and passwords.
To Erich Kron, security awareness advocate at KnowBe4, the overall look of tax frauds in the very first quarter of the yr is “as inescapable as spending taxes.”
“These tax-themed email phishing attacks are a highly effective instrument for cybercriminals to steal delicate details these kinds of as social security quantities or financial institution account details, redirect payments or steal credentials that will allow them to file pretend tax returns,” Kron informed Infosecurity Journal.
“To protect towards these frauds, educating folks about the types of scams occurring and the pink flags, these types of as links that go to diverse sites when you hover around them, unanticipated requests for sensitive information these as login data or social security numbers, is critical.”
Some parts of this report are sourced from: