On Wednesday, November 4 the Security Summit reported that taxpayers are being targeted by a new series of text-message scams that impersonate state departments of revenue and tax relief organizations. 

In an Internal Revenue Service press release, the Security Summit explains that identity thieves are asking taxpayers to provide bank account information finalize a transfer of Economic Impact Payment funds. The text messages include a link to a website that is designed to look like the online “Get My Payment” tool, reading: “You have received a direct deposit of $1,200 from COVID-19 TREAS FUND. Further action is required to accept this payment into your account. Continue here to accept this payment.” The Summit reminds taxpayers that the IRS does not send unsolicited texts or emails and does not call people with threats of jail or lawsuits, nor does it demand tax payments on gift cards.

How do phishing sites steal my information? Phishing websites use many different mechanisms to steal victims’ information and money, many of which also appear in phishing emails, social media messages, and text messages:

• Collecting data from information-gathering fields
• Installing malware with embedded links
• Getting visitors to call listed numbers
• Running background scripts that install malware

Since some of these sites can steal information simply by visiting them, recipients of phishing emails should make it a habit to never click on embedded links and attachments in unsolicited digital messages.

What should you do if you receive a phishing message? The Security Summit says that victims should report tax-related phishing attempts to the IRS, since collecting data and raising awareness can help us all avoid falling victim to impersonation scams.