The Internal Revenue Service is warning Americans against a recent rise of smishing attacks—phishing through text messages—identifying thousands of fraudulent domains that are targeting taxpayers through fake COVID relief, tax credits, or even help with setting up an IRS online account.
“This is phishing on an industrial scale so thousands of people can be at risk of receiving these scam messages,” said IRS Commissioner Chuck Rettig, prompting the agency to publish the news release. “In recent months, the IRS has reported multiple large-scale smishing campaigns that have delivered thousands—and even hundreds of thousands—of IRS-themed messages in hours or a few days, far exceeding previous levels of activity.”
During the last few weeks, the frequency of IRS-themed attacks, aimed at stealing personal and financial information, has increased exponentially. The messages look like they come from the agency.
Scammers send out texts that direct citizens to click on links to fraudulent websites, identical to legitimate ones, which collect sensitive financial and personal information or potentially install malicious code into their devices.
The IRS does not send emails or text messages asking for such information. Recipients of the scams can report them to [email protected]. Reporting on such incidents can help the agency identify more of these websites and related messages, and assist in protecting other taxpayers.
Phishing is the most common online scam, consisting of over twice as many incidents as any other crime.
Examples of smishing include text messages from financial institutions like banks, gift smishing offering free services or products, confirmation smishing involving false confirmation of a recent purchase, and customer support smishing with fake representatives pretending to help the recipient resolve an issue.
Incident Spikes From 2020
The rise of smishing scams began in the fall of 2020, said the agency, and continued throughout the COVID-19 pandemic.
When the IRS figures out related websites and identifies patterns, the scammers move their target to other groups and make use of algorithms to generate thousands of fraudulent websites. Hence, reporting regularly helps the agency keep up with new domains and attack variants.
A recent campaign used just three dozen stolen or bogus email addresses to create over 1,000 fraudulent domains, said the agency.
“Particularly in these cases, the best offense is a good defense,” said Rettig. “Taxpayers and tax pros need to remain constantly vigilant with suspicious IRS-related emails and text messages. And if you get one, sending the IRS important details from the text can help us disrupt the scams and protect others.”
In September 2020, there were several smishing attacks designed to bait people into providing credit card info for a free iPhone 12, and accepting false USPS and FedEx package deliveries. Then, there were U.S. government impersonators sending text messages asking people to undergo a mandatory COVID-19 test via a linked website.
October is Cybersecurity Awareness Month, and the agency is warning everyone to be on the lookout for scams and schemes that could put sensitive tax data at risk.
From The Epoch Times
