- Phishing / social engineering: scammers pose as the IRS, software vendors, or partners to trick you into giving e-Services credentials or your EFIN. IRS+1 - Stolen credentials / weak authentication: reused or weak passwords, no multi-factor authentication, or leaked credentials let attackers log in and retrieve EFIN info. IRS - Malware or network breach: ransomware/keyloggers on a preparer’s computer or network can exfiltrate EFINs and e-Services access. IRS - Insider misuse or accidental exposure: employees, ex-employees, or contractors who have access share or misuse the EFIN (intentionally or not). IRS - Scams that request documentation: fraudulent emails instructing you to fax or upload EFIN documents to a bogus number/portal. These have been widely reported. revenuefiles.delaware.gov - Using an EFIN improperly (e.g., an EFIN from a previous employer or an EFIN not owned by your current firm) — this can be treated as invalid/compromised use.