Even though tax season is still months away, the Internal Revenue Service (IRS) has issued a new warning to U.S. taxpayers regarding a recent surge in SMS phishing scams. Through these underhanded tactics, malicious cybercriminals are attempting to steal financial and personal information.
According to the IRS, the agency has already “identified and reported thousands of fraudulent domains tied to multiple MMS/SMS/text scams targeting taxpayers”.
SMS phishing (or smishing) targets mobile users via fraudulent text messages. When a potential victim responds to these messages or clicks on any links they contain, a cybercriminal can then lure them to phishing sites that try to steal financial and personal information, including government or banking credentials.
When dealing with the IRS, it’s always important to keep in mind that the agency will never text or email you. Instead, it will always initiate contact via the U.S. Postal Service. However, the IRS may call or visit you in person in certain situations.
Scam messages impersonating the IRS often use “lures like fake COVID relief, tax credits or help setting up an IRS online account” in order to trick recipients into responding.
This latest campaign also asks taxpayers to click a link that leads to phishing sites, which then attempt to collect their information or to deploy malware on their devices.
IRS commissioner Chuck Retting provided further insight on how widespread tax-related SMS phishing scams have become in a press release (opens in new tab):
“This is phishing on an industrial scale so thousands of people can be at risk of receiving these scam messages. In recent months, the IRS has reported multiple large-scale smishing campaigns that have delivered thousands – and even hundreds of thousands – of IRS-themed messages in hours or a few days, far exceeding previous levels of activity.”
If you do happen to receive a suspicious text claiming to be from the IRS, you can report it to the agency at [email protected] to help prevent others from falling victim to similar scams.
How to stay safe from SMS phishing scams
In a similar warning (opens in new tab) back in July, the Federal Communications Commission (FCC) provided several tips on how to avoid falling victim to SMS phishing scams.
First off, you should never respond to text messages from unknown numbers, or from senders that appear suspicious. Just as with phishing emails, you should also be on the lookout for misspelled words and poor grammar, along with texts that originate from an email address.
Regardless of who sent the text message, you should always think twice before clicking on any links in a text message. For instance, if a friend sends you a text with a suspicious link, you should call them to make sure they weren’t hacked. With texts from businesses, you should look up their number online and call them back instead of responding to the text.
As we mentioned above, government agencies (including the IRS) almost never initiate contact by phone or text.
While tax-related SMS and email phishing scams occur year-round, they usually increase in volume ahead of tax day. This is why you’ll want to be extra-vigilant when checking your text messages or inbox in March and April.