"IRS Warns of 'Industrial Scale' Smishing Surge"

The Internal Revenue Service (IRS) is warning US taxpayers of an “exponential” increase in text-based phishing attempts and is urging users to report campaigns to help the government disrupt them.  The tax agency said it had identified thousands of fake domains so far in 2022, which are used to facilitate the so-called “smishing” scams.  These are designed to steal victims’ personal and financial information.  The IRS noted that the text messages are spoofed to appear as if sent from the IRS and often use lures like fake COVID relief, tax credits, or help setting up an IRS online account.  They might request personal information or covertly download malware to the user’s device by tricking them into clicking on a malicious link.  The IRS noted that automated tooling is helping drive this surge.  The IRS claimed that just three dozen stolen or bogus email addresses were used to create over 1000 fraudulent domains for a recent smishing campaign.  The IRS urges users and tax professionals to continue reporting any smishing attempts they discover in order for security teams to track and disrupt the threat actors behind them. 

Infosecurity reports: "IRS Warns of 'Industrial Scale' Smishing Surge"