The State of California’s Franchise Tax Board (FTB) has warned of an ongoing SMS phishing (smishing) campaign targeting residents, Malwarebytes reports.
The FTB stated, “These text messages contain a link to a fraudulent version of certain FTB web pages, which are designed to steal personal and banking information. The scam aims to trick taxpayers into providing personal details and credit card information.”
The text messages purport to come from California’s tax board, informing recipients that they need to provide their payment information to claim their tax refund. The messages set a short deadline to claim the refund in order to compel users to act quickly.
Malwarebytes outlines the following red flags to help users recognize these scams:
- “Suspicious domain names: Official tax authorities only use domains ending in ‘.gov.’ Any link leading to ‘ftb.ca-nt.cc’ or other odd-looking domains is a major red flag.
- “Urgent or threatening language: Scammers often try to rush recipients with claims like “permanent forfeiture of your refund” and tight deadlines.
- “Requests for sensitive personal or financial information: Legitimate agencies never ask for bank account info or other private details via text message.
- “Promised instant rewards: Messages offering immediate deposits should not be trusted.
- “Odd instructions for opening links: Watch out for steps like ‘reply with ‘Y’, then close and reopen the message’ or pasting the link into Safari. This is a scam tactic to bypass security features.
- “Foreign phone numbers: US federal and state agencies only use official numbers, not foreign codes. A sender like +63 (Philippines) pretending to be a US state agency is a sure giveaway of fraud.”
AI-powered security awareness training can give your employees a healthy sense of suspicion so they can avoid falling for social engineering attacks. KnowBe4 empowers your workforce to make smarter security decisions every day. Over 70,000 organizations worldwide trust the KnowBe4 HRM+ platform to strengthen their security culture and reduce human risk.
Malwarebytes has the story.
