Tis the season for IRS and tax scams; the latest is targeting tax professionals to get them to reveal sensitive data.

The Internal Revenue Service and Security Summit financial industry partners warned about the scam, which like many these days involves phishing, earlier this month.

According to the government agency, the new campaign is impersonating the IRS - specifically the emails say they're from IRS Tax E-Filing - and asks recipients for their EFIN, or e-file identification number, and Driver's license. The emails contain the subject line "Verifying your EFIN before e-filing" and judging from the IRS' warning, appear legitimate.

According to the IRS, the emails read as follows:

In order to help protect both you and your clients from unauthorized/fraudulent activities, the IRS requires that you verify all authorized e-file originators prior to transmitting returns through our system. That means we need your EFIN (e-file identification number) verification and Driver's license before you e-file.

Please have a current PDF copy or image of your EFIN acceptance letter (5880C Letter dated within the last 12 months) or a copy of your IRS EFIN Application Summary, found at your e-Services account at IRS.gov, and Front and Back of Driver's License emailed in order to complete the verification process. Email: (fake email address)

If your EFIN is not verified by our system, your ability to e-file will be disabled until you provide documentation showing your credentials are in good standing to e-file with the IRS.

© 2021 EFILE. All rights reserved. Trademarks
2800 E. Commerce Center Place, Tucson, AZ 85706

While tax scams are certainly nothing new - they're commonplace this time of year - it's safe to say the pandemic has heightened the risk around them and increased the susceptibility of users, many who are still working from home almost a year later.

While the IRS didn't go into detail around what the phishing campaign emails contained - whether they contain malware or entice users to click onto a suspicious looking link - but it did exercise caution around both. It also cautioned against interacting with the email sender.

"Some thieves also pose as potential clients, an especially effective scam currently because there are so many remote transactions during the pandemic. The thief may interact repeatedly with a tax professional and then send an email with an attachment that claims to be their tax information," the IRS warned, "The attachment may contain malware that allows the thief to track keystrokes and eventually steal all passwords or take over control of the computer systems."

The IRS is warning that with the stolen information, attackers would have a much easier time filing fake tax returns for refunds. It’s likely the stolen data could also used to apply for unemployment and COVID-19 benefits in some states as well.

In the past few months, attackers have ramped up activities targeting websites containing personal data, namely financial services websites belonging to mortgage lending providers, credit reporting bureaus, and auto insurers.

The New York Department of Financial Services warned earlier this month that cybercriminals are exploiting vulnerabilities in those sites in order to harvest non-public information, like drivers' license numbers, to carry out identity theft.

It probably shouldn't come as a surprise that COVID-19 related tax fraud was one of the biggest issues uncovered by the IRS' Criminal Division Annual Report (.PDF) this month. The scams mostly spilled over from last year’s tax season, which was extended because of the pandemic. New York CPAs participating in the Annual Tax Software Survey for 2020 in particular reported an increase in cybersecurity attacks during the 2020 calendar year.