No, the IRS is not texting you - it’s a phishing scam

Someone’s impersonating the IRS in a widespread phishing campaign

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

The U.S. Internal Revenue Service (IRS) is warning citizens that the number of SMSphishingattacks impersonating the tax office has gone through the roof lately.

“So far in 2022, the IRS has identified and reported thousands of fraudulent domains tied to multiple MMS/SMS/text scams (known as smishing) targeting taxpayers,” the IRS said in a recentwarning.

“In recent months, and especially in the last few weeks, IRS-themed smishing has increased exponentially.”

Industrial scale

The premise of such scams is simple: a threat actor will obtain a phone number from an American citizen, usually on the black market, and draft an SMS message claiming the sender is the IRS, and that the recipient has unpaid bills, frozen bank accounts, potential legal issues, or something similar. The same SMS message will also carry a hyperlink, inviting the victim to click and either review the “accusations” or address the issue completely.

The link leads the victim to a specially crafted landing page, designed to look exactly like pages from different banks, or similar. There, the victim is enticed to share sensitive information such as personally identifiable data, or payment information.

“This is phishing on an industrial scale so thousands of people can be at risk of receiving these scam messages,” the publication cited IRS Commissioner Chuck Rettig saying.

“In recent months, the IRS has reported multiple large-scale smishing campaigns that have delivered thousands – and even hundreds of thousands – of IRS-themed messages in hours or a few days, far exceeding previous levels of activity.”

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

Smishing attacks see a sharp increase ahead of Black Friday>‘Smishing’: the new SMS fraud>Here’s our rundown of the best antivirus tools right now

This is not the first time a threat actor impersonated U.S. government agencies in phishing attacks. Last July, the Federal Communications Commission (FCC) was forced to issue a similar warning, letting thousands of Americans know that someone is posing as the FCC and going after their personal information.

As with emails from unknown senders, people should be extra careful when receiving SMS messages from people they don’t know, especially if those messages carry links and a sense of urgency.

Via:BleepingComputer

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

This new phishing strategy utilizes GitHub comments to distribute malware

Should your VPN always be on?

Phishing attacks surge in 2024 as cybercriminals adopt AI tools and multi-channel tactics