The State of California Franchise Tax Board (FTB) recently issued a warning to taxpayers to protect themselves from tax scams. In their warning the FTB states:
“Recently, the FTB received reports of a scam targeting taxpayers through text messages that appear to be from FTB. These text messages contain a link to a fraudulent version of certain FTB web pages, which are designed to steal personal and banking information. The scam aims to trick taxpayers into providing personal details and credit card information.”
As if to prove their point, one of my co-workers received this text message.
“State of California Franchise Tax Board (FTB)
Your tax refund claim has been processed and approved. Please provide your accurate collection information before September 01, 2025.
We will deposit the money into your bank account or email paper check within 1-2 working days.
{link}
Failure to submit required payment information by September 01, 2025 will result in permanent forfeiture of this refund under California Revenue and Taxation Code Section 19322.
Just reply with ‘Y’, then close and reopen the message to make the link work. If that doesn’t do it, copy the link and paste it straight into Safari.
California Franchise Tax Board|Sacramento, CA|Official State Agency”
The links that we found for this campaign are designed to look legitimate by using ftb.ca, ftb.gov, or ftb.cagov in the URL. The sites are designed to mimic the official version of certain FTB web pages, but in reality they are designed to steal your personal and banking information.
How to tell if a message is a scam
This type of scam is not limited to California or even to tax returns, so this advice is good for everyone. Here are some scammy signs to watch out for:
- Suspicious domain names: Official tax authorities only use domains ending in “.gov”. Any link leading to “ftb.ca-nt.cc” or other odd-looking domains is a major red flag.
- Urgent or threatening language: Scammers often try to rush recipients with claims like “permanent forfeiture of your refund” and tight deadlines.
- Requests for sensitive personal or financial information: Legitimate agencies never ask for bank account info or other private details via text message.
- Promised instant rewards: Messages offering immediate deposits should not be trusted.
- Odd instructions for opening links: Watch out for steps like “reply with ‘Y’, then close and reopen the message” or pasting the link into Safari. This is a scam tactic to bypass security features.
- Foreign phone numbers: US federal and state agencies only use official numbers, not foreign codes. A sender like +63 (Philippines) pretending to be a US state agency is a sure giveaway of fraud.
- Grammatical mistakes, strange wording, and formatting errors: Even though the use of AI by scammers has reduced the number of these signs, they sometimes occur. “Email paper check” is a good example.
- Generic sign-offs or incomplete contact details: Real tax authorities provide clear and official contact information.
Spotting any one of these signs should be enough to delete the message. Never click links or provide personal details based on unsolicited texts or emails.
Other tips to stay safe are:
- Keep your device and the software on it up to date.
- Use an active anti-malware protection, preferably with a web protection module.
- If you’re worried something is a scam and want to confirm it, Malwarebytes users can submit suspicious messages to Scam Guard.
You can also visit the FTB Scams page to verify when FTB sends texts and what information is included.
Indicators
We have spotted these subdomains in this campaign:
ftb.gov-ciehka.xmnsia[.]cc
ftb.ca-nt[.]cc
ftb.cagov-Ibh[.]cc
ftb.cagov-tqn[.]cc
ftb.cagov-cg[.]cfd
ftb.cagov-onr[.]cc
ftb.cagov-jme[.]cc
ftb.cagov-etu[.]cc
ftb.cagov-ib[.]cc
ftb.ca-mg[.]cc
ftb.gov-qls[.]help
We don’t just report on scams—we help detect them
Cybersecurity risks should never spread beyond a headline. If something looks dodgy to you, check if it’s a scam using Malwarebytes Scam Guard, a feature of our mobile protection products. Submit a screenshot, paste suspicious content, or share a text or phone number, and we’ll tell you if it’s a scam or legit. Download Malwarebytes Mobile Security for iOS or Android and try it today!
Source link
