New Surge of IRS-Themed Attacks Targets Taxpayers’ Mobile Devices

As the U.S. tax filing deadline approaches, cybercriminals are intensifying their efforts to exploit taxpayers through a new wave of IRS-themed scams.

Research from McAfee Labs has revealed a sharp increase in fraudulent activities targeting mobile devices, with scammers using deceptive text messages and fake IRS websites to steal personal and financial information.

Mobile Attacks Dominate Tax Scam Landscape

According to McAfee’s findings, mobile users are the primary targets of these scams, with 76% of tax-related phishing campaigns in 2024 delivered via text messages.

These messages often include shortened URLs that mask their true destinations, making it harder for users to identify malicious links.

Many of these fraudulent links mimic official IRS websites, such as “irs.gov.tax-helping[.]com,” tricking taxpayers into believing they are legitimate.

Scammers also employ urgent or fear-based tactics to manipulate victims.

Messages may claim that refunds are on hold or threaten legal action for unpaid taxes.

In reality, the IRS does not use such methods to communicate with taxpayers, making these red flags for potential fraud.

The Mechanics of IRS Scams

The scams typically unfold in two stages.

First, victims receive a message purporting to be from the IRS or a tax preparation service.

The message includes an urgent call to action and a link to a fake website designed to resemble official IRS pages.

Once victims click the link, they are prompted to provide sensitive information such as Social Security Numbers (SSNs), bank account details, or login credentials.

This stolen data can be used for various forms of fraud, including filing false tax returns to claim refunds, identity theft to open new credit accounts, or even reselling the information on dark web marketplaces.

The consequences for victims can be severe, often requiring months or years to resolve.

McAfee’s analysis highlights that these scams are not isolated incidents but part of highly coordinated campaigns.

For instance, one phishing campaign in 2024 accounted for 17.3% of all tax-related blocked URLs.

Scammers also impersonate well-known tax preparation and software companies, further complicating efforts to distinguish legitimate communications from fraudulent ones.

To safeguard against these attacks, taxpayers should remain vigilant and adopt proactive measures:

• Verify Communications: The IRS primarily contacts individuals via physical mail and does not request personal information through text messages or emails.
• Avoid Clicking Links: Instead of clicking on links in unsolicited messages, visit official websites directly by typing their URLs into your browser.
• Use Security Tools: Employ cybersecurity solutions that detect phishing attempts and block malicious websites.
• File Early: Submitting your tax return early reduces the risk of scammers filing a fraudulent return in your name.
• Monitor Credit Activity: Regularly check your credit report for unusual activity and set up alerts for unauthorized transactions.

The surge in IRS-themed scams underscores the importance of heightened awareness during tax season.

By recognizing common tactics used by cybercriminals and taking preventative measures, taxpayers can protect themselves from falling victim to these sophisticated schemes.

Investigate Real-World Malicious Links & Phishing Attacks With Threat Intelligence Lookup – Try for Free