Smishing—have you heard of it? The Internal Revenue Service (IRS) is warning tax professionals and taxpayers about a recent boost in texting scams designed to capture financial information.
You are likely already familiar with “phishing” attacks on the internet. Phishing is a type of social engineering scam that owes the first two letters of its name to hackers in the 1960s who used electronic devices to mimic the routing system of a telephone, thereby gaining the ability to make free phone calls. Phishing is a lucrative hack that tricks internet users into disclosing passwords, financial accounts, health, and other sensitive information to bad actors posing as credible companies, persons, or government agencies like the IRS.
Smishing takes its name from its sphere of influence—short message service (SMS), also known as texting. Smishing as a social engineering hack has taken longer to establish than phishing although it is far easier to identify or simply create telephone numbers that could yield potential victims.
Recently, the IRS released a statement about an uptick in smishing attacks using IRS-related messaging. The IRS reports it has located thousands of smishing scams targeting taxpayers that originate in fraudulent domains. IRS Commissioner Chuck Rettig said, "This is phishing on an industrial scale so thousands of people can be at risk of receiving these scam messages. In recent months, the IRS has reported multiple large-scale smishing campaigns that have delivered thousands – and even hundreds of thousands – of IRS-themed messages in hours or a few days, far exceeding previous levels of activity."
Smishing texts purporting to be from the IRS direct users to click on a link to provide information needed for a fake IRS account. Clicking sends the user to a fraudulent website to enter information which may also result in malware being sent to their phones.
The IRS first identified an increase in SMS scams in 2020. While the IRS has undertaken education efforts, the smishing attempts are not abating. Even as the IRS shuts done one or several fraudulent domains, thousands more are generated.
Any form of smishing or phishing that leads to discovery of financial information is of high concern to accountants, corporations, and taxpayers. The IRS emphasizes it does not send email or text messages to taxpayers asking for account information or direct them to enter identifying information on websites.
Tax professionals and others who are subject to smishing or phishing scams should connect with the IRS at phishing@irs.gov. The IRS asks users to copy the text message in an email to the IRS to help them track scams. The actual text is preferred, but screenshots can be sent as well. The email address is only for IRS-related online or text, not other government agencies.
Social engineering methods that capture financial information can quickly lead to tax fraud, identity theft, and more. The best offense to bad actors on the internet or on SMS is a good defense.
Experienced legal service when you are challenged by tax litigation or tax controversy
Serving clients nationwide from offices in Cleveland and Chicago, the tax attorneys of Robert J. Fedor Esq., LLC provides trusted representation on criminal tax defense, offshore tax investments, and compliance matters. Call us at 800.579.0997 or contact us today.