UPDATED 20:58 EDT / FEBRUARY 14 2021

SECURITY

Internal Revenue Service warns of tax phishing scam

The U.S. Internal Revenue Service has issued an urgent warning concerning a phishing scam that seeks to steal Electronic Filing Identification Numbers.

The scam, which emerged just before the tax filing season began Feb. 12, involves emails that impersonate the IRS with a subject line “verifying your EFIN before e-filing.” The text of the email asks tax preparers to email copies of the EFIN verification and driver’s license with a fake warning that if they do not comply, their ability to file tax documents electronically will be disabled.

In the event that victims fall for the scam, the information obtained can be used to illegally file tax returns for refunded by impersonating the victim.

“Tax professionals who received the scam should save the email as a file and then send it as an attachment to phishing@irs.gov,” the IRS advised in the Feb. 10 notice. “They also should notify the Treasury Inspector General for Tax Administration… to report the IRS impersonation scam.”

Although IRS impersonation scams are not new, there’s a COVID-19 pandemic angle to the current phishing campaign. “Some thieves also pose as potential clients, an especially effective scam currently because there are so many remote transactions during the pandemic,” the IRS explains. “The thief may interact repeatedly with a tax professional and then send an email with an attachment that claims to be their tax information.”

Tax scams are “as inevitable as paying taxes,” Erich Kron, security awareness advocate at security awareness and training firm KnowBe4 Inc., told SiliconANGLE.

“These scams use a multitude of scenarios that individuals and organizations face each year, as they work through the often confusing, stressful and frustrating task of figuring out how much they will owe or will get refunded, by the government,” Kron explained. “This stress and confusion only serve to make the scammers’ job easier.”

And tax-themed phishing attacks are a powerful tool for cybercriminals to steal sensitive information such as social security numbers or bank account information, redirect payments or steal credentials that will allow them to file fake tax returns, Kron added. “To defend against these scams, educating people about the types of scams occurring and the red flags, such as links that go to different websites when you hover over them, unexpected requests for sensitive information such as login information or social security numbers, is critical,” he said.

Photo: MBisanz/Wikimedia Commons

A message from John Furrier, co-founder of SiliconANGLE:

Show your support for our mission by joining our Cube Club and Cube Event Community of experts. Join the community that includes Amazon Web Services and soon to be Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger and many more luminaries and experts.

Join Our Community 

We are holding our second cloud startup showcase on June 16. Click here to join the free and open Startup Showcase event.

 

“TheCUBE is part of re:Invent, you know, you guys really are a part of the event and we really appreciate your coming here and I know people appreciate the content you create as well” – Andy Jassy

We really want to hear from you. Thanks for taking the time to read this post. Looking forward to seeing you at the event and in theCUBE Club.