article featured image


The Internal Revenue Service (IRS) announced an increase in IRS-themed texting scams, large-scale campaigns spreading hundreds of thousands of messages.

These smishing attacks are targeting taxpayers trying to steal personal and financial information. Fake SMS are using diverse lures like unpaid bills, bank account problems, or law enforcement actions.

“In recent months, the IRS has reported multiple large-scale smishing campaigns that have delivered thousands – and even hundreds of thousands – of IRS-themed messages in hours or a few days, far exceeding previous levels of activity”, says IRS Commissioner, Chuck Rettig.

How Smishing Works

One of the most efficient tactics in a smishing campaign is choosing to impersonate a thrust-worthy sender, like a government agency or a bank.

Some phishing messages can contain links that will redirect the victims to a fake bank website where they will be asked to confirm an acquisition or unfroze a credit card in order to steal their banking information.

But not all threat actors are after credit card details, some campaigns gather any personal data that can be used or sold to a third party.

Smishing campaigns target mobile phone users, and the scam messages often look like they’re coming from the IRS, offering lures like fake COVID relief, tax credits or help setting up an IRS online account.


How to Stay Safe

You can avoid a smishing attack following a few simple rules:

  • Don’t reply to any unknown or suspicious sender
  • Don’t share personal data via text
  • Be suspicious of texts with misspellings or those that originate with an email address
  • Avoid any suspicious link received via SMS
  • Verify with the sender any unexpected text from a business
  • As a rule, government agencies don’t communicate through text or phone.

Victims of these smishing campaigns are encouraged to report the incident by sending an email to phishing@irs.gov.

“Scam SMS/text messages can also be copied and forwarded to wireless providers via text to 7726 (SPAM), which helps them spot and block similar messages in the future,” the IRS pointed out.

If you liked this article, follow us on LinkedInTwitterFacebookYoutube, and Instagram for more cybersecurity news and topics.

Author Profile

Andreea Chebac

Digital Content Creator

Andreea is a digital content creator within Heimdal® with a great belief in the educational power of content. A literature-born cybersecurity enthusiast (through all those SF novels…), she loves to bring her ONG, cultural, and media background to this job.

Leave a Reply

Your email address will not be published. Required fields are marked *