The Internal Revenue Service and the Security Summit partners warned tax professionals that savvy cybercriminals target IRS-issued identification numbers to help impersonate practitioners as well as taxpayers.
The Internal Revenue Service, state tax agencies and the tax industry is urging tax practitioners to maintain and monitor their Electronic Filing Identification Numbers (EFINs) and Centralized Authorization File (CAF) numbers to help safeguard taxpayer data. Cybercriminals sometimes post stolen EFINs, PTINs and CAF numbers on the Dark Web as a crime kit for identity thieves who can then file fraudulent tax returns. EFINs are necessary for tax professionals or their firms to file client returns electronically. Preparer Tax Identification Numbers (PTINs) are issued to those who, for a fee, prepare tax returns or claims for refund. CAF numbers are issued when tax practitioners or their firms file a request for third-party access to client files. To assist tax professionals, the IRS created a new video and web page – How to Maintain, Monitor and Protect Your EFIN. These offer tips to practitioners. Tax professionals should update their EFIN application within 30 days of any change, including if there are new personnel, telephone numbers, addresses or email addresses. Keeping the application up-to-date means any correspondence from the IRS will go to the correct person and the correct address. EFINs can only be obtained from the IRS. They are not transferable should a business be sold. Also, … Read More
The IRS, state tax agencies and the tax industry reminded tax professionals that they are responsible for protecting access to their IRS e-Services account and safeguarding their Electronic Filing Identification Number (EFIN) from thieves. National and international criminal syndicates routinely attempt to steal tax professionals’ usernames and passwords so they may access IRS e-Services to obtain the EFIN, which allows a criminal to steal clients’ sensitive information. Increasing awareness about protecting e-Services and EFINs is part of a “Don’t Take the Bait” campaign, a 10-part series aimed at tax professionals. The IRS, state tax agencies and the tax industry, working together as the Security Summit, urge practitioners to learn to protect themselves from password thefts. This is part of the ongoing Protect Your Clients; Protect Yourself effort. “For tax professionals working with the IRS, protecting these account numbers is critical,” said IRS Commissioner John Koskinen. “Practitioners should maintain, monitor and protect their Electronic Filing Identification Number. Failing to do so can be disastrous for their business and their clients.” Protecting Clients and Their Businesses from e-Services/EFIN thieves Cybercriminals routinely use spear phishing emails to target tax practitioners. The emails impersonate IRS e-Services, trying to trick practitioners into disclosing their username and password. … Read More