Not long ago we reported on the threat from quishing and brushing. Now the IRS and Microsoft are advising consumers and accountancies about cyber scams linked to tax returns, including “smishing.” What are smishing cyber scams? Read on for a smishing definition.
Microsoft Warns of Phishing Attacks
Earlier this month Microsoft alerted cyber security professionals to several “tax-centric threats” that employ “redirection methods such as URL shorteners and QR codes contained in malicious attachments and abuse legitimate services like file-hosting services and business profile pages to avoid detection.” While not specified in the warning, we imagine some threat actors behind these email schemes are also using “smishing,” the equivalent of phishing emails sent over text or SMS messages.
“Phishing-as-a-Service” (PhaaS)
Many of the attacks are linked to the “RaccoonO365” phishing-as-a-service (PhaaS) platform, reports Microsoft. Tax-themed phishing emails were “sent to over 2,300 organizations, mostly in the United States in the engineering, IT, and consulting sectors” in the second half of February 2025, says its alert.
More tax-season cyber threats are listed by the Internal Revenue Service (IRS), which is warning tax payers to watch out for a “Dirty Dozen” of tax scams, most linked to online activity. High on the list is “Smishing,” the agency warns:
“Smishing: A text or smartphone SMS message where scammers often use alarming language such as, ‘Your account has now been put on hold,’ or ‘Unusual Activity Report,’ with a bogus ‘Solutions’ link to restore the recipient’s account. The promise of unexpected tax refunds is another potential tactic used by scam artists.
As a reminder, never click on any unsolicited communication claiming to be from the IRS as it may surreptitiously load malware. This may also be a way for malicious hackers to load ransomware that keeps the legitimate user from accessing their system and files.”
Scams Against Accountants & Other Companies
Cyber criminals not only target individuals with tax-related schemes, but also accountancies and other professional services companies. The “New Client Scam” was the most common attack reported last tax season to the IRS via its tip-sharing address “[email protected].” This year the Service expects more of the scam, which involves spear phishing attacks on tax industry professionals. “Cybercriminals impersonate new, potential clients to trick tax professionals and other businesses into responding to their emails. Once the tax pro responds, the scammer sends a malicious attachment or URL that can compromise the preparer’s computer systems and allow the attacker to access sensitive client information,” warns the IRS, providing more details here.
If your organization needs additional information or wants to participate in efforts against tax scams, check out two organizations supported by the IRS: the “Security Summit,” a public/private partnership fighting tax scams, along with the newer Coalition Against Scam and Scheme Threats (CASST).
We also wonder if the growing range and frequency of these kind of scams may impact demand for personal cyber insurance.
