Tax Pros Alert: EFIN Scams Don’t Sleep — Spot, Report & Lock Down Now (Tax Tip 2025-57)

ARUN KP

August 18, 2025

Updated: Aug 18, 2025

A new IRS Tax Tip warns of a phishing scheme where criminals pose as tax software providers and try to trick preparers into faxing their EFIN. Here’s the playbook to stop it, report it, and protect your clients.

How the EFIN scam works

The hook

Scammers impersonate your tax software provider and ask you to fax your EFIN “for verification.” Once they have it, they can steal client data and e-file fraudulent returns for refunds.

Targets & data

They often also phish for PTIN, EFIN, and e-Services usernames/passwords to take over your practice systems.

Bottom line: Never send EFIN or credentials by email or fax based on an unsolicited message.

Source: IRS Tax Tip 2025-57.

If you receive an EFIN phishing email: do this

  1. Do not reply, click links, open attachments, or fax anything.
  2. Preserve the email: forward as an attachment (with full headers) to phishing@irs.gov.
  3. Notify the software provider named in the email (its account security team).
  4. Alert TIGTA (IRS impersonation hotline) and your local IRS Stakeholder Liaison if data theft may have occurred.

Forwarding as an attachment keeps the email headers intact. If you can’t capture headers, include the original email and any malicious URLs.
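
The "forward as an attachment" step above, sketched as an added example (not code from the IRS or from this page's author): the saved suspicious message is wrapped unchanged as a `message/rfc822` attachment so its headers survive, and its URLs are listed in the report body. The sample message, the `.example` addresses and the function names are constructed for illustration; sending the report is left to your mail client or server.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

IRS_PHISHING = "phishing@irs.gov"  # reporting address named on this page
URL_RE = re.compile(r"https?://[^\s\"'<>)]+", re.I)

# Constructed sample of a saved suspicious message (not a real email).
SAMPLE_EML = (
    b"Received: from mail.example.net (mail.example.net [203.0.113.7])\r\n"
    b"\tby mx.example.org; Mon, 18 Aug 2025 09:12:44 -0400\r\n"
    b'From: "Software Support" <support@vendor-verify.example>\r\n'
    b"Reply-To: efin-desk@mailbox.example\r\n"
    b"To: preparer@example.org\r\n"
    b"Subject: Action required: EFIN verification\r\n"
    b"Message-ID: <constructed-1@mail.example.net>\r\n"
    b"MIME-Version: 1.0\r\n"
    b"Content-Type: text/plain; charset=utf-8\r\n"
    b"\r\n"
    b"Fax your EFIN letter or confirm at http://vendor-verify.example/efin?id=1.\r\n"
)

def extract_urls(raw: bytes) -> list[str]:
    """Unique URLs from the text and HTML parts, in order of appearance."""
    urls: list[str] = []
    for part in message_from_bytes(raw, policy=policy.default).walk():
        if part.get_content_type() in ("text/plain", "text/html"):
            for url in URL_RE.findall(part.get_content()):
                url = url.rstrip(".,;")  # drop trailing sentence punctuation
                if url not in urls:
                    urls.append(url)
    return urls

def build_report(raw: bytes, reporter: str) -> EmailMessage:
    """Wrap the untouched original as a message/rfc822 attachment."""
    report = EmailMessage()
    report["From"] = reporter
    report["To"] = IRS_PHISHING
    report["Subject"] = "Suspected EFIN phishing email (original attached)"
    found = "\n".join(extract_urls(raw)) or "(none found)"
    report.set_content("Original attached with full headers.\nURLs in message:\n" + found + "\n")
    # Attaching the parsed message keeps Received, Reply-To and Message-ID,
    # which an inline forward normally drops.
    report.add_attachment(message_from_bytes(raw, policy=policy.default))
    return report

if __name__ == "__main__":
    print(build_report(SAMPLE_EML, "preparer@example.org").as_string())
```
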

How to report it — and why it matters

| Where | What to send | Why |
| --- | --- | --- |
| IRS phishing (phishing@irs.gov) | Forward the scam email as an attachment with full headers and any URLs | Helps IRS warn providers and block malicious infrastructure |
| TIGTA (hotline / web) | Details of the impersonation (sender, content, requested data) | Opens an IRS-related impersonation case where appropriate |
| Your software provider | Copy of the message; affected usernames/emails | Lets them investigate spoofing and protect other customers |
| IRS Stakeholder Liaison | If client data may be at risk, contact your local Liaison ASAP | IRS can take steps to block fraudulent returns and guide your next steps |

The only correct way to share EFIN information

Legitimate EFIN verification requests are handled inside your tax software provider’s secure portal — never by replying to random emails or sending faxes. Always sign in directly to the vendor site (don’t use email links) and verify the request with support before uploading anything.

Security hardening checklist (15 minutes)

Accounts & access

  • Turn on MFA for tax software, cloud storage, email, and IRS e-Services.
  • Require unique passwords + a password manager for staff.
  • Review who has access to EFIN/IRM data; remove stale accounts.

Training & testing

  • Run a quick phishing drill on “software verification” requests.
  • Post a one-pager: “We never fax EFINs. All verifications happen in the portal.”

Client protection

  • Encourage IP PINs for vulnerable clients to prevent fraudulent e-filing.
  • Have an incident plan: who to call, what to isolate, how to notify.

Pro tip: Bookmark the IRS’s “Identity Theft Information for Tax Professionals” hub and review it at the start of each filing season and quarterly thereafter.


Educational content — not legal or tax advice. Verify details on IRS.gov and consult your software provider for account-specific procedures.
