IRS “EFIN Filing Review” Phishing Email Targets Tax Professionals
Fake IRS EFIN review emails aim to steal tax preparer credentials and client data.
tl;dr
A phishing email posing as the US Internal Revenue Service claims that returns filed under a tax professional’s EFIN require verification. The message links to a fraudulent transcript viewer designed to steal EFIN credentials and other sensitive data. If successful, criminals may gain access to client information and file fraudulent tax returns.
Sidebar: What Is an EFIN?
What is an EFIN and why do scammers want it?
An Electronic Filing Identification Number is issued by the IRS to tax professionals who are authorised to submit electronic tax returns.
The EFIN identifies the preparer within IRS systems and is used as part of the electronic filing process.
Because it is tied to professional identity and filing activity, criminals who obtain EFIN-related credentials may be able to impersonate preparers, submit fraudulent returns, or access sensitive client information. This makes EFINs a high-value target in phishing campaigns.
Overview
A phishing email currently hitting inboxes impersonates the United States Internal Revenue Service (IRS) and targets tax professionals rather than ordinary taxpayers.
The message claims that electronic returns submitted under the recipient’s Electronic Filing Identification Number (EFIN) require additional verification and have been placed on hold. Recipients are urged to access an “IRS Transcript Delivery System Viewer” via a link to review flagged filings.
However, the link leads to a fraudulent website designed to harvest credentials and other sensitive information.
How the Scam Works
The email uses professional terminology, reference numbers, and an official-looking format to convey credibility. It specifically addresses “Tax Professional” recipients and references electronic filing systems used by preparers.
When recipients click the link, they are taken to a fake portal that mimics IRS tools and requests information such as:
• EFIN details
• IRS e-Services login credentials
• Social Security numbers
• Personal identification information
• Client or filing data
This information is sent directly to scammers.
Scam emails like these are blasted out to vast numbers of random recipients in the hope that they will reach the inboxes of at least a few tax professionals who may be vulnerable to the ruse.
Why EFIN Theft Is Dangerous
Stealing a tax professional’s EFIN can have serious consequences that extend far beyond a single victim.
Criminals may be able to:
• File fraudulent tax returns using the stolen EFIN
• Access or impersonate a preparer within IRS systems
• Harvest client information
• Submit refund claims
• Damage the professional’s reputation and compliance standing
Because preparers handle multiple clients, a single compromised account can expose large volumes of sensitive data.
Red Flags in the Email
Despite its professional appearance, the message contains common phishing indicators.
• Unsolicited notice of filing issues
• Urgency and a verification deadline
• Instructions to download or access a “viewer” tool
• Requests for sensitive credentials via a web form
• Generic greeting such as “Dear Tax Professional”
• Links that do not lead to official government domains
The IRS generally does not initiate credential verification through unsolicited emails.
Why This Targeting Works
Scammers increasingly target professionals who have access to high-value data rather than individuals alone. Tax preparers, accountants, and bookkeepers represent attractive targets because they manage sensitive identity and financial information for many clients.
Using technical language such as EFIN, transcript delivery systems, and practitioner services helps the message appear routine and lowers suspicion.
This approach mirrors broader business email compromise tactics that focus on trusted intermediaries.
How Tax Professionals Can Stay Safe
If you receive an email claiming IRS filing issues:
• Do not click links or download tools from the message
• Access IRS e-Services by manually typing the official address
• Never provide EFIN or login credentials via email-linked forms
• Use multi-factor authentication on all tax platforms
• Alert staff members to the scam
• Report suspicious messages to the IRS phishing reporting channel
Organisations should treat unexpected verification requests as potential security incidents.
The Bottom Line
Phishing campaigns are increasingly targeting tax professionals in order to gain access to client data and filing systems. Emails that reference EFIN reviews or transcript tools may be attempts to steal credentials rather than resolve legitimate issues.
Even highly technical and professional-looking messages can be fraudulent. Independent verification is essential before taking any action.
A screenshot of the scam email:
