UPDATED 20:58 EST / FEBRUARY 14 2021

SECURITY

Internal Revenue Service warns of tax phishing scam

The U.S. Internal Revenue Service has issued an urgent warning concerning a phishing scam that seeks to steal Electronic Filing Identification Numbers.

The scam, which emerged just before the tax filing season began Feb. 12, involves emails that impersonate the IRS with a subject line “verifying your EFIN before e-filing.” The text of the email asks tax preparers to email copies of the EFIN verification and driver’s license with a fake warning that if they do not comply, their ability to file tax documents electronically will be disabled.

In the event that victims fall for the scam, the information obtained can be used to illegally file tax returns for refunded by impersonating the victim.

“Tax professionals who received the scam should save the email as a file and then send it as an attachment to phishing@irs.gov,” the IRS advised in the Feb. 10 notice. “They also should notify the Treasury Inspector General for Tax Administration… to report the IRS impersonation scam.”

Although IRS impersonation scams are not new, there’s a COVID-19 pandemic angle to the current phishing campaign. “Some thieves also pose as potential clients, an especially effective scam currently because there are so many remote transactions during the pandemic,” the IRS explains. “The thief may interact repeatedly with a tax professional and then send an email with an attachment that claims to be their tax information.”

Tax scams are “as inevitable as paying taxes,” Erich Kron, security awareness advocate at security awareness and training firm KnowBe4 Inc., told SiliconANGLE.

“These scams use a multitude of scenarios that individuals and organizations face each year, as they work through the often confusing, stressful and frustrating task of figuring out how much they will owe or will get refunded, by the government,” Kron explained. “This stress and confusion only serve to make the scammers’ job easier.”

And tax-themed phishing attacks are a powerful tool for cybercriminals to steal sensitive information such as social security numbers or bank account information, redirect payments or steal credentials that will allow them to file fake tax returns, Kron added. “To defend against these scams, educating people about the types of scams occurring and the red flags, such as links that go to different websites when you hover over them, unexpected requests for sensitive information such as login information or social security numbers, is critical,” he said.

Photo: MBisanz/Wikimedia Commons

Since you’re here …

Show your support for our mission with our one-click subscription to our YouTube channel (below). The more subscribers we have, the more YouTube will suggest relevant enterprise and emerging technology content to you. Thanks!

Support our mission:    >>>>>>  SUBSCRIBE NOW >>>>>>  to our YouTube channel.

… We’d also like to tell you about our mission and how you can help us fulfill it. SiliconANGLE Media Inc.’s business model is based on the intrinsic value of the content, not advertising. Unlike many online publications, we don’t have a paywall or run banner advertising, because we want to keep our journalism open, without influence or the need to chase traffic.The journalism, reporting and commentary on SiliconANGLE — along with live, unscripted video from our Silicon Valley studio and globe-trotting video teams at theCUBE — take a lot of hard work, time and money. Keeping the quality high requires the support of sponsors who are aligned with our vision of ad-free journalism content.

If you like the reporting, video interviews and other ad-free content here, please take a moment to check out a sample of the video content supported by our sponsors, tweet your support, and keep coming back to SiliconANGLE.