- ITDM 2025 전망 | 금융 플랫폼 성패, 지속가능한 사업 가치 창출에 달렸다” KB국민카드 이호준 그룹장
- “고객경험 개선하고 비용은 절감, AI 기반까지 마련” · · · AIA생명의 CCM 프로젝트 사례
- 2025年、CIOはAIに意欲的に投資する - そしてその先も
- The best robot vacuums for pet hair of 2024: Expert tested and reviewed
- These Sony headphones eased my XM5 envy with all-day comfort and plenty of bass
IRS Warns of EFIN Scam
The Internal Revenue Service has issued an urgent warning to tax professionals over a new scam in which cyber-criminals impersonate the IRS over email in an attempt to steal Electronic Filing Identification Numbers (EFINs).
Carrying the subject line “Verifying your EFIN before e-filing,” the scam email purports to be from “IRS Tax E-Filing.”
In the body of the bogus email, targets are asked to send an EFIN acceptance letter dated within the last 12 months and scans of the front and reverse of their driver’s license to a fake email address in order for their EFIN to be verified.
Thieves who obtained the EFIN and driving license data of a tax professional could use it to impersonate that professional and file fraudulent returns.
“Phishing scams are the most common tool used by identity thieves to trick tax professionals into disclosing sensitive information, and we often see increased activity during filing season,” said IRS commissioner Chuck Rettig.
“Tax professionals must remain vigilant. The scammers are very active and very creative.”
In an alert jointly issued February 10 by the IRS, state tax agencies, and the tax industry, tax professionals who receive this particular scam email are asked to save it as a file and send it as an attachment to phishing@irs.gov.
Tax professionals were also warned to be on the lookout for other common phishing scams that seek their EFINs, Preparer Tax Identification Numbers (PTINs), or e-Services usernames and passwords.
To Erich Kron, security awareness advocate at KnowBe4, the appearance of tax scams in the first quarter of the year is “as inevitable as paying taxes.”
“These tax-themed email phishing attacks are a powerful tool for cybercriminals to steal sensitive information such as social security numbers or bank account information, redirect payments or steal credentials that will allow them to file fake tax returns,” Kron told Infosecurity Magazine.
“To defend against these scams, educating people about the types of scams occurring and the red flags, such as links that go to different websites when you hover over them, unexpected requests for sensitive information such as login information or social security numbers, is critical.”