No, the IRS is not texting you - it's a phishing scam
Someone's impersonating the IRS in a widespread phishing campaign
The U.S. Internal Revenue Service (IRS) is warning citizens that the number of SMS phishing attacks impersonating the tax office has gone through the roof lately.
"So far in 2022, the IRS has identified and reported thousands of fraudulent domains tied to multiple MMS/SMS/text scams (known as smishing) targeting taxpayers," the IRS said in a recent warning.
"In recent months, and especially in the last few weeks, IRS-themed smishing has increased exponentially."
Industrial scale
The premise of such scams is simple: a threat actor will obtain a phone number from an American citizen, usually on the black market, and draft an SMS message claiming the sender is the IRS, and that the recipient has unpaid bills, frozen bank accounts, potential legal issues, or something similar. The same SMS message will also carry a hyperlink, inviting the victim to click and either review the “accusations” or address the issue completely.
The link leads the victim to a specially crafted landing page, designed to look exactly like pages from different banks, or similar. There, the victim is enticed to share sensitive information such as personally identifiable data, or payment information.
"This is phishing on an industrial scale so thousands of people can be at risk of receiving these scam messages," the publication cited IRS Commissioner Chuck Rettig saying.
"In recent months, the IRS has reported multiple large-scale smishing campaigns that have delivered thousands – and even hundreds of thousands – of IRS-themed messages in hours or a few days, far exceeding previous levels of activity."
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
This is not the first time a threat actor impersonated U.S. government agencies in phishing attacks. Last July, the Federal Communications Commission (FCC) was forced to issue a similar warning, letting thousands of Americans know that someone is posing as the FCC and going after their personal information.
As with emails from unknown senders, people should be extra careful when receiving SMS messages from people they don’t know, especially if those messages carry links and a sense of urgency.
- These are the best firewalls around
Via: BleepingComputer
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.