
Scammers are impersonating IRS emails to gain personal information.
With tax season already underway, individuals are facing something that is unexpected when doing their taxes, being the target of phishing cyberattacks. The IRS has sent out a dire notice to tax professionals warning them of digital scams involving people trying to steal Electronic Filing Identification Numbers, also known as EFINs.
Agency officials said they have seen a plethora of individuals receiving fake emails. The emails lure in their victims with subject lines like, “Verifying your EFIN before e-filing,” posing as a sender labeled IRS Tax E-Filing. The IRS said tax professionals have become optimal targets for attackers looking for information to help them file fake tax returns and steal identities.
Phishing scams are one of the most popular cyberattacks due to their easy set-up with emails that can expose a large number of potential victims. We have seen an increase in phishing scams since the pandemic started, and often see an increase during tax season. This means that those within the industry have to stay on high alert.
In order to help tax professionals understand what to look out for, the IRS shared some of the subject lines individuals have been receiving, as well as some resources on what to look out for. Within the phishing email, it asks the target to send, “a current PDF copy or image of your EFIN acceptance letter or a copy of your IRS EFIN Application Summary,” and even asks for photos of the front and back of a driver’s license.
The IRS has also seen some of these scammers impersonating a customer that is asking for help. Such emails may include clickables that contain malware and other dangerous hacking implementations. Your email isn’t the only place you should be staying vigilant, though. There has been a similar increase in scams on mobile phones over the last couple of years.
The alarming increase of scams specifically targeting tax firms comes from the desire to gain more valuable information, such as social security numbers and bank account information. Cyberattackers across the world were able to steal billions of dollars last year as the US government worked to keep the economy going with direct payments and PPP loans.
With increasingly sophisticated and ever-changing threats, what can businesses do to stop these phishing attacks from infiltrating their computing networks and detrimentally affecting their customers? There are important steps you can take today to make sure that this does not happen to you.
First, individuals should understand that the IRS will never just email or call to ask for personal information. Second, tax professionals should always go through government agency sites and have a 2-factor authentication on their accounts for extra layers of security. Third, tax professionals should habitually follow some basic “best practices” when evaluating emails, including the examination of the sender’s address and evaluating message content with care.
Moreover, it is important for these safety protocols to be shared. Training employees on these practices is critical, as everyone is a potential target of these cyberattacks.
A warning released by the IRS stated that tax professionals should not click any links within the emails, no matter how urgent they sound. Clicking these links can lead to a download of documents that contain dangerous malware. The agency created an email address, phishing@irs.gov, and those who receive any suspicious emails should reach out to the Treasury Inspector General for Tax Administration.
Keeping your business, your employees, and your customers safe is one of our priorities here at Symmetric IT Group and is something you shouldn’t have to do alone, especially when tax season gets underway. You should be able to focus on what you do best and not have to worry about the security of your IT systems. We are here to help. Reach out to us today at 813-749-0895 or explore our information security page for more information on how you can best protect your business during tax season and beyond.