The Internal Revenue Service (IRS) warned Americans of an exponential rise in IRS-themed text message phishing attacks trying to steal their financial and personal information in the last few weeks.
“So far in 2022, the IRS has identified and reported thousands of fraudulent domains tied to multiple MMS/SMS/text scams (known as smishing) targeting taxpayers,” the IRS warned. “In recent months, and especially in the last few weeks, IRS-themed smishing has increased exponentially.”
Such scam texts redirect U.S. taxpayers to phishing landing pages designed to collect sensitive information using various baits (e.g., unpaid bills, bank account problems, or law enforcement actions).
For instance, the sender of phishing text messages can be spoofed to make it appear that they’re someone the targets are more likely to trust, such as U.S. government agencies like the IRS.
Some of the most convincing and devious lures in SMS phishing are links that send the targets to pages impersonating bank sites and asking them to verify a purchase or unlock frozen credit cards.
While some of the attackers behind these phishing campaigns focus on stealing payment details, others are not picky and will be happy to harvest any personal info they can get to use in various other scams or to sell to others.
“This is phishing on an industrial scale so thousands of people can be at risk of receiving these scam messages,” said IRS Commissioner Chuck Rettig.
“In recent months, the IRS has reported multiple large-scale smishing campaigns that have delivered thousands – and even hundreds of thousands – of IRS-themed messages in hours or a few days, far exceeding previous levels of activity.”
[embedded content]
Defense against SMS phishing
The Federal Communications Commission (FCC) issued a similar warning in July, alerting Americans of an increasing wave of SMS phishing attacks targeting their money and personal info.
According to the U.S. communications watchdog’s Robocall Response Team, these phishing messages (or robotexts as the FCC calls them) will hit billions of phones every month.
The FCC shared the following list of measures to help defend against SMS phishing attacks:
Do not respond to texts from unknown numbers or any others that appear suspicious.
Never share sensitive personal or financial information by text.
Be on the lookout for misspellings or texts that originate with an email address.
Think twice before clicking any links in a text message. If a friend sends you a text with a suspicious link that seems out of character, call them to ensure they weren’t hacked.
If a business sends you a text you weren’t expecting, look up their number online and call them back.
Remember that government agencies almost never initiate contact by phone or text.
If you think you have fallen victim to an IRS-themed texting scam, you should report it to the IRS by emailing the sender’s information and the message body to phishing@irs.gov.
“Scam SMS/text messages can also be copied and forwarded to wireless providers via text to 7726 (SPAM), which helps them spot and block similar messages in the future,” the IRS added.
“Taxpayers and tax pros need to remain constantly vigilant with suspicious IRS-related emails and text messages. And if you get one, sending the IRS important details from the text can help us disrupt the scams and protect others.”