On 18 March 2020, the 10-year anniversary of the effective date of FATCA, U.S. Internal Revenue Service (“IRS”) released a notice stating that recently circulating letters with the subject Electronic Filing Identification Number (“EFIN”) are not official communication from the Internal Revenue Service (Link).
The IRS states that it has identified a new version of a phishing email scam targeting tax professionals. The fake email states the preparer’s EFIN has been put on a temporarily hold and warns the EFIN will be suspended unless the preparers open an embedded document and confirm or deny that they submitted the Form 1040. The embedded “1040” document likely contains malware.
The IRS reminds all tax professionals that they are targets of cybercriminals seeking to steal client data or the practitioners’ identities. Thieves use many variations of phishing emails such as this. The fake emails are characterized by an urgent message (your EFIN will be suspended) and try to entice recipients to open a link or attachment. The IRS urges all tax professionals to be on alert and take security steps to protect their clients and their businesses. Review Publication 4557, Safeguarding Taxpayer Data, for how to be safer (Link).
Some simple steps include:
- Using the multi-factor authentication option offered by tax software to protect accounts from unauthorized access.
- Use strong password protections on all devices.
- Never open suspicious emails, links and attachments may carry malware.
- Use strong security software and keep it updated