SMS phishing assaults pretending to be from the IRS have skyrocketed in recent months, prompting a warning from the IRS to U.S. citizens.
According to a recent alert, the IRS has “discovered and reported thousands of bogus domains related to several MMS/SMS/text scams (known as smishing) targeting taxpayers” thus far in 2022.
IRS-related smishing has escalated dramatically over the past few months, and notably during the past few weeks.
Larger than life
The idea behind these scams is straightforward: a threat actor purchases an American’s phone number, typically on the dark web, and writes an SMS message stating the sender is the IRS and that the recipient has outstanding debts, frozen bank accounts, probable legal difficulties, or anything similar. In addition to the text, the victim will receive a link by SMS, which they may use to either go over the “accusations” or take care of the situation.
Clicking on the link takes the victim to a fake website made to seem like legitimate financial institution’s websites. The goal of these sites is to get the victim to reveal private information, like their name, address, and credit card number.
“This is phishing on an industrial scale,” IRS Commissioner Chuck Rettig said, suggesting hundreds might receive bogus emails.
According to the IRS, “in recent months, there have been many large-scale smishing campaigns that have delivered thousands, and even hundreds of thousands of IRS-themed messages in hours or a few days, significantly beyond previous levels of activity.”
It’s not the first time a threat actor has impersonated U.S. government agencies via phishing. The Federal Communications Commission (FCC) issued a similar warning in July, notifying thousands of Americans that someone is pretending to be the FCC to steal their personal information.
- Some previous WhatsApp versions are insecure, fix them now
- Hackers use James Webb telescope photos now
SMS from strangers should be handled like emails, especially if they contain links and an urgent tone.