Don’t Take the Bait – IRS e-Services and EFIN Security

The IRS is currently running a 10-week series on security updates for tax professionals called “Don’t Take the Bait”. The seventh installment, released August 25th, focuses on strategies for protecting access to IRS e-Services accounts and safeguarding Electronic Filing Identification Numbers (EFIN) from thieves.

As discussed in previous installments of this series, cybercriminals often use spear phishing emails in order to steal from tax practitioners. In this case, they pose as IRS e-Services with the goal of gleaning username and password information. With these credentials they are able to access e-Services accounts and steal EFINs, among other information, which they subsequently use to file fraudulent tax returns.

The IRS urges tax professionals take particular care with their EFINs, offering the following advice:

  • Maintain EFINS. Once they have been issued, regularly review your e-file applications, make sure information is accurate, update any information that changes, and be aware of what situations require new applications for EFINs (e.g., sale of a business, new office location, etc.)
  • Monitor EFINs. Particularly during tax season, be sure to regularly check on the EFIN’s status to ensure that it is not being used by others. Compare your filing records with those of the IRS to make sure that the number of returns filed matches. Contact the IRS e-help Desk at 866-255-0654 if you discover any unexplained disparities.
  • Protect EFINs. Take measures to protect the security of your EFINs, such as learning about phishing scams and how to identify them, being wary of suspicious emails, and using strong passwords and changing them periodically.

For more details, read the article in full at