Smishing: A Rising Threat in the IRS Dirty Dozen Scams

ARTICLE | February 06, 2024

Understanding Smishing

In the realm of cybersecurity, smishing is a growing concern for businesses. Smishing, or SMS phishing, involves fraudsters sending deceptive text messages to trick individuals into revealing sensitive information. These scams have spiked recently, with mobile users being six to ten times more susceptible to smishing than traditional email phishing.

The Rise of Smishing in the IRS Dirty Dozen

The IRS annually compiles the Dirty Dozen, a list of the top tax scams to avoid. In recent years, smishing has consistently made the list. Scammers posing as credible financial institutions, or even the IRS itself, exploit these methods to entrap victims and ultimately commit identity theft. The IRS warns against emails or texts claiming to offer tax refunds or threatening legal charges for tax fraud, a common tactic used in smishing attacks.

Recognizing Smishing Attempts

To safeguard your business from smishing attacks, it is vital to recognize the red flags. Smishing messages often include alarming language such as warnings about account holds or unusual activity reports. Smishing scams may also falsely promise COVID relief, tax credits, or assistance with setting up IRS online accounts. Always verify the authenticity of any message claiming to be from the IRS or any other financial institution.

Reporting and Avoiding Smishing Scams

If you encounter a potential smishing scam, never click on any unsolicited links or provide any personal or financial information. Instead, report the scam by sending the email or a copy of the text/SMS as an attachment to phishing@irs.gov. Include details such as the caller ID, date, time, and the number that received the message.

Also, remember that the IRS initiates most contacts through regular mail and will never seek information via email, text, or social media regarding a bill or tax refund.

Keeping Your Business Safe from Smishing

As a business leader, it is crucial to educate yourself and your team about the risks of smishing. Regularly updating security software, thinking twice before clicking on links, and maintaining open lines of communication about potential threats can go a long way in protecting your business from these attacks.

In conclusion, smishing is a growing threat that requires vigilance and a proactive approach to keep your business safe. By understanding what smishing is, recognizing its signs, effectively reporting it, and implementing preventative measures, you can significantly reduce the risk of falling victim to this modern form of phishing.