The Internal Revenue Service is warning taxpayers of a recent increase in IRS-themed texting scams aimed at stealing personal and financial information.
So far in 2022, the IRS has identified and reported thousands of fraudulent domains tied to multiple MMS/SMS/text scams (known as smishing) targeting taxpayers. In recent months, and especially in the last few weeks, IRS-themed smishing has increased exponentially.
Smishing campaigns target mobile phone users, and the scam messages often look like they’re coming from the IRS, offering lures like fake COVID relief, tax credits or help setting up an IRS online account.
“This is phishing on an industrial scale so thousands of people can be at risk of receiving these scam messages,” said IRS Commissioner Chuck Rettig. “In recent months, the IRS has reported multiple large-scale smishing campaigns that have delivered thousands – and even hundreds of thousands – of IRS-themed messages in hours or a few days, far exceeding previous levels of activity.”
In the latest activity, the scam texts often ask taxpayers to click a link where phishing websites will try to collect their information or potentially send malicious code onto their phones. The IRS does not send emails or text messages asking for personal or financial information or account numbers. These messages should all be red flags for taxpayers.
Beginning in the fall of 2020, the IRS observed an increase in reports of smishing scams requesting taxpayer personal and financial information. These smishing campaigns continued through the pandemic. The IRS has taken numerous steps to warn people of this ongoing threat, including posting a video about how to avoid IRS text message scams.
Taxpayers should continue reporting these scams to firstname.lastname@example.org. Their reporting allows the IRS to report these scams to the appropriate service providers for action, protecting other taxpayers who might receive a variant of the same scam.
While the IRS works to shut down online fraud, criminals are using ever-evolving tactics to cast a wider net and catch more victims, like using algorithms to automatically generate hundreds or even thousands of fraudulent domains. For example, a recent campaign used just three dozen stolen or bogus email addresses to create over 1,000 fraudulent domains.
“Particularly in these cases, the best offense is a good defense,” said Rettig. “Taxpayers and tax pros need to remain constantly vigilant with suspicious IRS-related emails and text messages. And if you get one, sending the IRS important details from the text can help us disrupt the scams and protect others.”