Government Warns of Rise in IRS-Themed Texting Scams – Investopedia
The Internal Revenue Service (IRS) is warning taxpayers about a significant rise in so-called ‘smishing’ attacks consisting of IRS-themed texting scams designed to steal personal and financial information. Smishing attacks target mobile phone users by delivering scam text messages offering fake COVID relief, tax credits, or other benefits.
The IRS does not send emails or text messages asking for personal or financial information or account numbers, the agency says.
So far in 2022, the IRS has identified and reported thousands of fraudulent internet domains responsible for multiple IRS-themed smishing attacks. Recently, these attacks have increased exponentially.
Smishing, a text-oriented form of phishing, is a scam with the goal of getting you to give up personal or financial information, including account numbers. Because smishing uses text messages, mobile phones and other MMS/SMS devices are the primary targets.
The scam messages often appear to be coming from the IRS and offer such things as COVID relief, tax credits, or help setting up an online IRS account, according to the agency. The texts often ask recipients to click a link where the fraudulent website tries to collect personal information or send a malicious code to the phone.
The IRS first noticed an increase in reports of smishing in the fall of 2020. The reported attacks, which always asked for personal and financial information, continued through the COVID pandemic. In addition to an extensive warning campaign, the IRS has posted a video about how to avoid IRS text message scams.
Beginning in the fall of 2020, the IRS observed an increase in reports of smishing scams requesting taxpayer personal and financial information. These smishing campaigns continued through the pandemic. The IRS has taken numerous steps to warn people of this ongoing threat, including posting a video about how to avoid IRS text message scams.
As the IRS ramps up its efforts to shut down online fraud, criminals are evolving new tactics. One includes using algorithms to automatically generate hundreds or even thousands of fraudulent domains. The agency reports that a recent smishing campaign used just three dozen stolen or bogus email addresses to create over 1,000 fraudulent domains.
With the approach of October's Cybersecurity Awareness Month, the IRS and the Security Summit partners in the states and the nation's tax community remind people and the tax professional community to be on the lookout for phishing scams and other schemes that could put sensitive tax data at risk.
The IRS maintains an email inbox (phishing@irs.gov), to collect and process IRS, Treasury, and tax-related online scams. Smishing involving other government agencies or private brands should not be reported to phishing@irs.gov.
If you receive an IRS-related text scam, report it to phishing@irs.gov.
Reporting IRS-themed texts to the IRS lets IRS security personnel track and disrupt these scams. Your report to the IRS should include both the body of the message and the sender's information in one email or text. Copying the actual text into an email is best but screenshots are also permissible.
To report a smishing attack, the IRS says to do the following:
Taxpayers should continue reporting these scams to phishing@irs.gov. Their reporting allows the IRS to report these scams to the appropriate service providers for action, protecting other taxpayers who might receive a variant of the same scam.
In addition to reporting the scam to the IRS, IRS-related scams can be reported to the Treasury Inspector General for Tax Administration using the IRS Impersonation Scam Reporting form and the Federal Trade Commission (FTC) through their Complaint Assistant. This will make the information available to investigators at those agencies.
You can also copy and forward scam texts to your wireless provider by texting it to 7726 (SPAM). This allows providers to spot and block these messages in the future.
With the approach of October's Cybersecurity Awareness Month, the IRS and the Security Summit, a coalition of state tax agencies and private sector tax businesses, is reminding taxpayers and the tax professional community to be on the lookout for phishing and smishing scams as well as other other schemes that could compromise sensitive tax data.
In addition, the IRS has joined with representatives of the software industry, tax preparation firms, payroll and tax financial product processors, and state tax administrators to combat other crimes including identity theft refund fraud to protect taxpayers.
Vigilance is the bottom line. Don't click on links in texts, especially if you suspect they are not from a legitimate source. Government agencies such as the IRS do not send texts asking for personal or account information.
It can be difficult to tell if a text is legit or not. When in doubt, report the text via the information listed above. Then contact the IRS directly to find out if it has been trying to contact you.
Financial Fraud
Social Security
Financial Fraud
401(k)
Social Security
401(k)
When you visit the site, Dotdash Meredith and its partners may store or retrieve information on your browser, mostly in the form of cookies. Cookies collect information about your preferences and your devices and are used to make the site work as you expect it to, to understand how you interact with the site, and to show advertisements that are targeted to your interests. You can find out more about our use, change your default settings, and withdraw your consent at any time with effect for the future by visiting Cookies Settings, which can also be found in the footer of the site.
