The Internal Revenue Service has issued an urgent warning to tax professionals over a new scam in which cyber-criminals impersonate the IRS over email in an attempt to steal Electronic Filing Identification Numbers (EFINs).
Carrying the subject line “Verifying your EFIN before e-filing,” the scam email purports to be from “IRS Tax E-Filing.”
In the body of the bogus email, targets are asked to send an EFIN acceptance letter dated within the last 12 months and scans of the front and reverse of their driver’s license to a fake email address in order for their EFIN to be verified.
Thieves who obtained the EFIN and driving license data of a tax professional could use it to impersonate that professional and file fraudulent returns.
“Phishing scams are the most common tool used by identity thieves to trick tax professionals into disclosing sensitive information, and we often see increased activity during filing season,” said IRS commissioner Chuck Rettig.
“Tax professionals must remain vigilant. The scammers are very active and very creative.”
In an alert jointly issued February 10 by the IRS, state tax agencies, and the tax industry, tax professionals who receive this particular scam email are asked to save it as a file and send it as an attachment to phishing@irs.gov.
Tax professionals were also warned to be on the lookout for other common phishing scams that seek their EFINs, Preparer Tax Identification Numbers (PTINs), or e-Services usernames and passwords.
To Erich Kron, security awareness advocate at KnowBe4, the appearance of tax scams in the first quarter of the year is “as inevitable as paying taxes.”
“These tax-themed email phishing attacks are a powerful tool for cybercriminals to steal sensitive information such as social security numbers or bank account information, redirect payments or steal credentials that will allow them to file fake tax returns,” Kron told Infosecurity Magazine.
“To defend against these scams, educating people about the types of scams occurring and the red flags, such as links that go to different websites when you hover over them, unexpected requests for sensitive information such as login information or social security numbers, is critical.”
If you’ve been checking your IRS tax transcripts and noticing that refund dates look farther…
.Every year, millions of working Americans miss out on money they’ve already earned — not…
If you’re claiming the Earned Income Tax Credit (EITC) or the Additional Child Tax Credit…
Tax season brings refunds, relief—and unfortunately, scammers. Each year, thousands of taxpayers fall victim to…
Last updated for the 2026 tax filing season The Protecting Americans from Tax Hikes (PATH)…
The 2026 tax season is officially underway, and as happens every year, a small number…