Smishing Campaign Targets California Taxpayers With Phony Refund Offers

KnowBe4 Team | Sep 5, 2025

The State of California’s Franchise Tax Board (FTB) has warned of an ongoing SMS phishing (smishing) campaign targeting residents, Malwarebytes reports.

The FTB stated, “These text messages contain a link to a fraudulent version of certain FTB web pages, which are designed to steal personal and banking information. The scam aims to trick taxpayers into providing personal details and credit card information.”

The text messages purport to come from California’s tax board, informing recipients that they need to provide their payment information to claim their tax refund. The messages set a short deadline to claim the refund in order to compel users to act quickly.

Malwarebytes outlines the following red flags to help users recognize these scams:

  • “Suspicious domain names: Official tax authorities only use domains ending in ‘.gov.’ Any link leading to ‘ftb.ca-nt.cc’ or other odd-looking domains is a major red flag.  
  • “Urgent or threatening language: Scammers often try to rush recipients with claims like “permanent forfeiture of your refund” and tight deadlines.
  • “Requests for sensitive personal or financial information: Legitimate agencies never ask for bank account info or other private details via text message.
  • “Promised instant rewards: Messages offering immediate deposits should not be trusted.
  • “Odd instructions for opening links: Watch out for steps like ‘reply with ‘Y’, then close and reopen the message’ or pasting the link into Safari. This is a scam tactic to bypass security features.
  • “Foreign phone numbers: US federal and state agencies only use official numbers, not foreign codes. A sender like +63 (Philippines) pretending to be a US state agency is a sure giveaway of fraud.”
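
The same red flags can be applied mechanically when triaging text messages that users report. The Python below is an added example, not code from Malwarebytes, the FTB or KnowBe4; the rule names, phrase lists and sample messages are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.I)
AGENCY_RE = re.compile(r"\b(?:franchise tax board|tax board|ftb)\b", re.I)

# One body-text rule per red flag; the phrase lists are illustrative assumptions.
BODY_RULES = [
    ("urgency", re.compile(r"\bforfeit\w*|\bfinal notice\b|\bwithin \d+ (?:hours?|days?)\b", re.I)),
    ("sensitive_info_request", re.compile(r"\b(?:bank account|credit card|payment information)\b", re.I)),
    ("instant_reward", re.compile(
        r"\b(?:instant|immediate)\w*\s+(?:\w+\s+){0,2}(?:deposit|refund)", re.I)),
    ("odd_link_instructions", re.compile(
        r"\breply (?:with )?\W?y\b|\bclose and reopen\b|\bpaste\b.{0,40}\bsafari\b", re.I)),
]

# Constructed sample messages (sender, body); not captured from the campaign.
SAMPLES = [
    ("+63 900 000 0000",
     "California Franchise Tax Board: your refund is approved for immediate deposit. "
     "Submit your payment information within 2 days to avoid permanent forfeiture "
     "of your refund: https://ftb.ca-nt.cc Reply with 'Y', then close and reopen the message"),
    ("+1 916 555 0100", "FTB: your notice is available at https://www.ftb.ca.gov"),
    ("28849", "Tax Board notice: confirm your details at https://ftb.ca.gov.example.cc/refund"),
]


def link_hosts(body):
    """Hostnames of every http(s) link in the message, trailing punctuation removed."""
    urls = (u.rstrip(".,;:!?)") for u in URL_RE.findall(body))
    return [(urlsplit(u).hostname or "").rstrip(".") for u in urls]


def red_flags(sender, body):
    """Return the names of the red flags a text message trips, in list order."""
    flags = []
    # A message that names the tax agency must link only to hosts ending in .gov.
    if AGENCY_RE.search(body) and any(not h.endswith(".gov") for h in link_hosts(body)):
        flags.append("non_gov_link")
    flags += [name for name, rx in BODY_RULES if rx.search(body)]
    # International format with a country code other than +1 (US numbering plan).
    number = re.sub(r"[^\d+]", "", sender)
    if number.startswith("+") and not number.startswith("+1"):
        flags.append("foreign_sender")
    return flags


if __name__ == "__main__":
    print([red_flags(sender, body) for sender, body in SAMPLES])
```

The third sample shows why the check is made on the end of the hostname: `ftb.ca.gov.example.cc` contains the real agency domain but does not end in `.gov`.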

AI-powered security awareness training can give your employees a healthy sense of suspicion so they can avoid falling for social engineering attacks. KnowBe4 empowers your workforce to make smarter security decisions every day. Over 70,000 organizations worldwide trust the KnowBe4 HRM+ platform to strengthen their security culture and reduce human risk.

Malwarebytes has the story.

