IRS Phishing Scams Evolve with QR Codes and Fake Portals

Severity: High (Score: 69.0)

Sources: Sapeople, www.accessnewswire.com, Morningstar

Summary

A new wave of phishing scams targeting taxpayers has emerged, utilizing QR codes and counterfeit IRS websites to steal sensitive information. These scams involve fraudulent communications that mimic legitimate IRS correspondence, including postal mail, text messages, and emails featuring IRS branding. The QR codes embedded in these communications direct victims to fake websites that closely resemble official IRS pages, prompting them to input personal data such as Social Security numbers and banking details. Taxpayers, particularly those who owe money to the IRS, are at heightened risk due to the urgency and panic created by these messages. The IRS has reiterated that it does not use QR codes in official communications and has provided guidelines for verifying legitimate notices. Taxpayers are advised to avoid scanning QR codes from unsolicited messages and to verify any IRS communication through official channels. The rise of these scams reflects a broader trend in cybercrime, where attackers adapt to new technologies and societal behaviors. Key Points: • Phishing scams now use QR codes and fake IRS websites to steal personal information. • Taxpayers who owe money to the IRS are particularly vulnerable to these scams. • The IRS does not use QR codes in official communications; verification is crucial.

Key Entities

• Phishing (attack_type)
• irs.gov (domain)
• T1566.002 - Spearphishing Link (mitre_attack)
• T1566 - Phishing (mitre_attack)
• WhatsApp Business (platform)