The Internal Revenue Service (IRS) is warning US citizens of a sharp rise in texting scams designed to steal personal and financial information.
The agency has identified thousands of fraudulent domains used in SMS phishing (smishing), with attacks increasing ‘exponentially’ in recent months, especially in the last few weeks.
The scam messages often look like they come from the IRS, advertising fake COVID relief, tax credits or instructions to help set up an IRS online account.
The latest scam texts ask taxpayers to click a link where phishing websites will try to collect their information or deploy malware onto their devices.
The IRS “does not send emails or text messages asking for personal or financial information or account numbers,” the service says, adding that such messages “should all be red flags for taxpayers.”
Cybercriminals are wielding ever-more-advanced tactics to cast a wider net and catch more victims. One such method involves using algorithms to automatically generate thousands of fraudulent domains. A recent campaign used just three dozen email addresses to create over 1,000 fraudulent domains, the service says.
“This is phishing on an industrial scale so thousands of people can be at risk of receiving these scam messages,” said IRS Commissioner Chuck Rettig.
“Particularly in these cases, the best offense is a good defense,” Rettig added. “Taxpayers and tax pros need to remain constantly vigilant with suspicious IRS-related emails and text messages. And if you get one, sending the IRS important details from the text can help us disrupt the scams and protect others.”
Taxpayers are urged to report these scams to firstname.lastname@example.org, as this enables the agency to report these scams to the appropriate service providers for action, protecting other taxpayers who might receive a variant of the same scam.
The Scam Alert feature in Bitdefender Mobile Security for Android is designed specifically to combat smishing attacks. Scam Alert monitors all incoming SMS messages and notifications in real time. When a dangerous link arrives in a message, users are warned to steer clear.