The Internal Revenue Service (IRS) issued an alert Thursday warning about an email scam impersonating software providers seeking to steal critical information that gives them access to client data of tax preparers.
Scammers posing as tax software providers are requesting electronic filing identification number (EFIN) documents from tax professionals, the IRS said. These scammers claim the docs need to be verified so that tax preparers can send returns to the IRS. EFIN is a number assigned by the agency to tax preparers accepted into the e-filing program and signifies they are an authorized IRS e-filing service provider.
Scammers seek to “steal client data and tax preparers’ identities, creating the potential for them to file fraudulent tax returns for refunds,” the IRS stated. The agency reports to have already received “dozens of reports” of such scams targeting tax professionals. A typical scam email being sent to tax preparers is as follows:
“Help us protect you. Because many EFINs are stolen each year and used to file fraudulent tax returns, the IRS has asked software vendors, such as Software A, to verify who the EFIN owner is by getting a copy of the IRS-issued EFIN document(s). Our records show that we do not have a document for one or more of the EFINs that you transmit with.”
The email then claims that unless the tax professional’s EFIN is verified, they won’t be able to transmit returns and asks them to fax the EFIN summary document. It also details steps for the tax preparer to obtain the required document in case they do not have it.
The IRS warned tax preparers to be “alert” for such emails that include a U.S.-based area code for faxing EFIN documents. Such scam emails also tend to have inconsistencies in their wording.
The agency asked tax professionals receiving such messages to “not respond,” and not to proceed with any of the steps outlined in the message.
“With filing season underway, scammers use this time of year to target tax professionals as well as taxpayers in hopes of stealing information that can be used to try filing fraudulent tax returns,” said IRS Commissioner Danny Werfel. “The IRS and the Security Summit partners have noticed a new surge of an EFIN scam email that targets professionals.”
“This scam serves as a powerful reminder that tax professionals should ensure strong security at their practices, including reminding employees to be careful with any emails coming in that could be posing as an official communication. A little extra caution can mean a world of difference for tax professionals during this busy period.”
The IRS is conducting special webinars next week featuring the agency’s cybersecurity experts to help tax preparers deal with these scams.
“Tax pros who receive the scam email should notify the Treasury Inspector General for Tax Administration (TIGTA) to report the IRS impersonation scam. They should also save the email and send it as an attachment to [email protected],” the IRS said.
Scams Targeting Tax Preparers
Last year, the IRS warned tax professionals to watch out for “spearfishing,” which is a phishing attempt tailored to a specific organization or business and targets tax preparers.“Spearphishing begins with a suspicious email—one that may appear as a tax preparation application or another e-service or platform. Some scammers will even use the IRS logo and claim something like ‘Action Required: Your account has now been put on hold.’ Often these emails stress urgency and will ask tax pros or businesses to click on links to input or verify information,” the IRS said at the time.
The agency advised tax professionals to never click on suspicious links, to double check the requests with the original sender, and to be vigilant against scams all year round and not just during filing season.
Last month, the IRS alerted tax preparers regarding new filing-season related scams targeting them. A new scam involves cybercriminals sending emails posing as potential clients.
Fraudsters are impersonating real taxpayers and trying to use emails to obtain sensitive data or get access to the tax preparer’s client data. The data will then be used to prepare fake tax returns to collect refunds or for other types of fraud.
“These intricate email scams pose a real risk to tax professionals and the taxpayers they represent,” Mr. Werfel said. “We urge tax professionals and their employees to be extra cautious when receiving unexpected email solicitations and avoid clicking on links or opening attachments.”
Last year, the IRS received hundreds of reports for this new scam, the agency stated. This scam represented roughly two-thirds of the 400 reports of business email compromise (BEC) or business email spoofing (BES) complaints received by the agency.
“Given the mass production of these messages by cybercriminals, the number of actual spearphishing emails sent to tax professionals associated with these campaigns likely runs into the thousands with the goal to reach tens of thousands of preparers operating across the country,” the IRS stated.
Scammers typically send an email containing malicious links or attachments. More cautious scammers may first make harmless contact with the tax preparer and ask them whether they are seeking new clients. If the reply is positive, they send another email with the malicious content.
The emails typically require the tax preparer to download a file/files that could be presented as the potential client’s tax information. Alternatively, it may be a link claiming to contain the client’s info.
However, cybercriminals can use this to steal the preparer’s email address, password, and other information. The fraudsters can also load malware into the networks of the tax preparer and gain system access.
