The Internal Revenue Service (IRS) has previously issued several warnings about scammers using the IRS name and/or logo to dupe people into giving up access to their financial data, and then stealing their assets. The tactic is popular with fraudsters because most consumers recognize the IRS name, have had prior communication with the IRS, and/or have previously provided financial data to it. The latest alert from the IRS and Summit Partners, however, warns U.S. taxpayers of an emerging phishing campaign that identity thieves are using to obtain sensitive consumer information such as Electronic Filing Identification Numbers (EFINs).
The Latest Phishing Campaign
The U.S. taxpaying season begins in the coming month. Taking advantage of this, scammers are sending a barrage of phishing e-mails to potential victims, impersonating IRS professionals in an attempt to steal their data and identities, which would allow the scammers to file fraudulent tax returns for refunds. The phishing e-mails bait U.S. taxpayers with a subject line such as “Verifying your EFIN before e-filing.” The body of the message pressures the recipient to act immediately by clicking a link or opening an attachment, stating, “failing to so, will disable the account.” Some of the e-mails also ask victims to reply with important documents that contain their identities and EFINs. The IRS has also warned that these phishing links and attachments can install additional malware, such as keylogger spyware that would leak the victim’s login credentials.
Additionally, the warning is not just for U.S. taxpayers or preparers but also for tax professionals. Tax professionals have been asked to beware of scammers posing as potential clients, especially during the ongoing pandemic, when many people are resorting to remote tax filing. Targeting and compromising tax professionals gives the scammers access to a larger pool of data from multiple clients. This data includes EFINs, Preparer Tax Identification Numbers (PTINs), and/or e-Services usernames and passwords, etc.
The IRS has asked tax professionals who receive such phishing e-mails to save them as a file and send it as an attachment to [email protected]. The e-mails should also be reported to the Treasury Inspector General for Tax Administration at www.tigta.gov as an IRS impersonation scam.
Purandar Das, CEO and Co-Founder of Sotero Software, told CISO MAG, “This is another attempt at how criminals continue to evolve their trade. On the face of it, it appears as though this is a new scheme. In reality, it is the same old phishing scam targeting a new area. This is a cat and mouse game in many ways. As organizations attempt to fix a previous fault, criminals adapt and target the ‘fix’. What this demonstrates is that criminals are nimbler and can adapt faster. Awareness is certainly a key aspect of addressing this issue. Making consumers and individuals less susceptible to manipulation is critical.”
“The other aspect of this is rethinking the technology and security implementations. Building and designing solutions that enable consumers to be in control of their data is one. Enabling a secure process of accessing and enabling second party access is another. Revisiting technology platforms that are more flexible and implementing a continuous improvement focus on security has to happen,” Das added.