The US Internal Revenue Service (IRS) has warned citizens that the number of SMS phishing attacks masquerading as the tax office has decreased recently.
“So far in 2022, the IRS has identified and reported thousands of bogus domains linked to multiple MMS / SMS / text scams (known as smishing) targeting taxpayers,” the IRS told the IRS in a recent report. warning (opens in a new tab).
“In recent months, and especially in the last few weeks, the number of hits on the IRS has grown exponentially.”
Industrial scale
The assumption of such a scam is simple: the cybercriminal will get a phone number from a US citizen, usually on the black market, and write an SMS message stating that the sender is the IRS and the recipient has unpaid bills, frozen bank accounts, potential legal problems, or something similar. The same SMS will also contain a hyperlink, prompting the victim to click and view the “accusations” or have the problem resolved completely.
The link takes the victim to a specially crafted landing page, designed to look exactly like pages from different banks or similar. There, the victim is encouraged to share confidential information such as personally identifiable information or payment information.
“This is industrial-scale phishing, so thousands of people could be at risk of receiving this fake news,” IRS Commissioner Chuck Rettig quoted in the publication.
“In recent months, the IRS has reported numerous large-scale smishing campaigns that delivered thousands – even hundreds of thousands – of IRS-themed messages in hours or days, far exceeding previous activity levels.”
This is not the first time that a threat handler has disguised itself as US government agencies in phishing attacks. Last July, the Federal Communications Commission (FCC) was forced to issue a similar warning, informing thousands of Americans that someone was impersonating the FCC and was looking for their personal information.
As with emails from unknown senders, people should be especially careful when receiving SMS messages from people they don’t know, especially if those messages contain links and a sense of urgency.
By: Hissing computer (opens in a new tab)