The US Internal Revenue Service (IRS) warned the US tax professionals about an ongoing campaign to steal their EFIN verification data. The campaign starts with a phishing email from the adversaries impersonating the IRS, asking them to send the EFIN verification and their driver’s license copies to be emailed for verification before filing the returns.

Phishing Campaign For Stealing EFIN Data

Scams related to tax filing are numerous. We’ve seen hackers stealing the taxpayers’ data and the refunds in several ways in the past years. A new campaign in the wild targets the US tax professionals for stealing their filing data and potentially their client’s tax data.

As described by the US Internal Revenue Service (IRS), an ongoing phishing campaign impersonating them is stealing tax professionals’ sensitive data. The phishing email will have a subject line as “Verifying your EFIN before e-filing” and have the following content,

“In order to help protect both you and your clients from unauthorized/fraudulent activities, the IRS requires that you verify all authorized e-file originators prior to transmitting returns through our system. That means we need your EFIN (e-file identification number) verification and Driver’s license before you e-file.

Please have a current PDF copy or image of your EFIN acceptance letter (5880C Letter dated within the last 12 months) or a copy of your IRS EFIN Application Summary, found at your e-Services account at, and Front and Back of Driver’s License emailed in order to complete the verification process. Email: (fake email address)

If your EFIN is not verified by our system, your ability to e-file will be disabled until you provide documentation showing your credentials are in good standing to e-file with the IRS.”

The Electronic Filing Identification Numbers (EFINs) are used by and given to verified tax professionals for filing the returns on behalf of their clients. Hackers getting their hands on this information and other verification items can impersonate the tax professional and file returns to loot clients’ refunds.

The IRS has also warned about scams asking for not just the EFINs, but also the “Preparer Tax Identification Numbers (PTINs) or e-Services usernames and passwords.”

These can let attackers into the IRS portal on tax professionals’ behalf and steal their clients’ data. Any attachments or links coming in these phishing emails shouldn’t be engaged and directed to [email protected].