The Internal Revenue Service (IRS) has released an advisory warning US taxpayers of what it has identified as an “exponential” increase in text-based phishing attempts. The tax agency recommended that users report such phishing campaigns in order to help the government to identify and disrupt them before more individuals are targeted. The IRS stated that thousands of fake domains had been discovered so far in 2022. These domains are used to facilitate the smishing campaigns and often impersonate legitimate websites in order to lure victims into entering personal or financial information. This inputted information is then harvested by the threat actor.
The text messages delivered by the hacking groups behind the phishing campaigns are pretending to be the IRS in order to create a sense of urgency, offer Covid relief, tax credits, or assistance in setting up an online account. The phishers request personal information or supply malicious links that download malware to the user’s device. The IRS has found that thousands of individuals have received IRS-themed phishing messages in the past several days. Taxpayers and professionals should continue reporting instances of phishing to help security teams assess the risks and disrupt the campaigns.