CampaignSMS

Menu
Free Trial
TurboTax SMS Scam – KnowBe4
admin
March 5, 2026
SMS Marketing

It is tax season in the United States and that means plenty of tax scams. I recently received these SMS messages.

I am a TurboTax user, so hey, these might be legit, even though they look scammy.
I first looked up the ttax.us domain using GoDaddy’s Whois service. The ttax.us domain is not valid.
Fact is, scammers would not have sent out a scam message using a non-existent domain, so it probably means that it was taken down. Well, that’s good!
I decided to ask Bing if ttax.us was related to TurboTax. Here’s what I got (shown below):

To be clear, it is not. You cannot trust internet searches to bring you back the truth.
I decided to try using Google and it brought back better results (shown below):

I went to the official TurboTax web and searched on ttax.us. The results are shown below.

Nothing. Nada. I was a little surprised that they did not have a warning about the bogus domain. If you go to an official website of a vendor and put in a domain name and nothing comes back, that probably is not a good sign.
Then I used Microsoft CoPilot (shown below):

Like Google’s return, it had the right answer. I reported the scam SMS messages to my phone provider so that I will not be harassed again.
I was a little disappointed that I could not follow the scam URLs to see what the scammers would ask me for. Microsoft Edge and Google Chrome browsers refused to let me go there (not that I could). I tried using an old IP address I found, and my internet provider blocked me from getting there, saying the domain had been reported as malicious. Well, it’s great that everyone involved in trying to block me from getting there (save the one Bing result). It is nice when the good guys block the bad guys.
 
Return To KnowBe4 Security Blog
Would your users fall for convincing phishing attacks? Take the first step now and find out before bad actors do. Plus, see how you stack up against your peers with phishing Industry Benchmarks. The Phish-prone percentage is usually higher than you expect and is great ammo to get budget.
PST ResultsHere’s how it works:
Topics: Human Risk Management, Smishing
Roger A. Grimes, CISO Advisor for KnowBe4, Inc., is the author of 15 books and over 1500 articles, specializing in host security and preventing hacker and malware attacks. Roger is a frequent speaker at national computer security conferences and his presentations are fast-paced and filled with useful facts and recommendations.
Security Awareness Training
Blog RSS Feed

source

Share on Facebook
Share on Twitter

Leave a Reply

Your email address will not be published. Required fields are marked *