The U.S. Internal Revenue Service (IRS) is warning citizens that the number of SMS phishing attacks impersonating the tax office has gone through the roof lately.
“So far in 2022, the IRS has identified and reported thousands of fraudulent domains tied to multiple MMS/SMS/text scams (known as smishing) targeting taxpayers,” the IRS said in a recent warning (opens in new tab).
“In recent months, and especially in the last few weeks, IRS-themed smishing has increased exponentially.”
The premise of such scams is simple: a threat actor will obtain a phone number from an American citizen, usually on the black market, and draft an SMS message claiming the sender is the IRS, and that the recipient has unpaid bills, frozen bank accounts, potential legal issues, or something similar. The same SMS message will also carry a hyperlink, inviting the victim to click and either review the “accusations” or address the issue completely.
The link leads the victim to a specially crafted landing page, designed to look exactly like pages from different banks, or similar. There, the victim is enticed to share sensitive information such as personally identifiable data, or payment information.
“This is phishing on an industrial scale so thousands of people can be at risk of receiving these scam messages,” the publication cited IRS Commissioner Chuck Rettig saying.
“In recent months, the IRS has reported multiple large-scale smishing campaigns that have delivered thousands – and even hundreds of thousands – of IRS-themed messages in hours or a few days, far exceeding previous levels of activity.”
This is not the first time a threat actor impersonated U.S. government agencies in phishing attacks. Last July, the Federal Communications Commission (FCC) was forced to issue a similar warning, letting thousands of Americans know that someone is posing as the FCC and going after their personal information.
As with emails from unknown senders, people should be extra careful when receiving SMS messages from people they don’t know, especially if those messages carry links and a sense of urgency.
Via: BleepingComputer (opens in new tab)