The Dirección General de Consumo of the Junta de Andalucía, under the Ministry of Health and Consumption, advises taxpayers to pay close attention to possible impersonation campaigns of the State Tax Agency (AEAT) through ‘phishing’ (email) and ‘smishing’ (SMS messages), where cybercriminals, taking advantage of the start of the 2024 Tax Campaign, try to obtain personal and banking data from victims.
These fraudulent techniques have already proliferated in previous Tax campaigns, almost always using the same illicit impersonation methods. Cybercriminals use fake notifications posing as the AEAT, using Tax Agency logos and other messages that may seem plausible, informing, for example, of important notices from the Tax Office, such as supposed tax refunds, through texts like ‘Notification available-Identifier XXXXXX’, ‘IMPORTANT NOTICE’ or ‘Notice of availability of new electronic notification REF-XXXXXX’. They provide a link that leads to a fraudulent website, where personal and banking data are requested.
Therefore, the National Cybersecurity Institute (INCIBE) has once again alerted citizens about these fraudulent practices through ‘phishing’ and ‘smishing’ by impersonating the Tax Agency.
The Tax Agency itself reminds that they never request confidential, financial, or personal information via email, SMS, or apps like Bizum from taxpayers, nor do they attach invoices or other types of data.
There are certain clues or elements that help identify fraudulent messages, such as spelling mistakes or a suspicious sender (URL that does not correspond to the official one). The main recommendations include not opening messages from unknown users or those not requested for communication, not replying to suspicious messages, being especially cautious with links, as well as with downloading attachments from emails, even if they are from known contacts.
On the AEAT website, you can find several examples of fraudulent messages used by cybercriminals in Tax campaigns.
INCIBE points out that if you receive an email or, alternatively, a text message (SMS) with the aforementioned characteristics and have not accessed the link, report it immediately to the organization’s incident mailbox (incidencias@incibe-cert.es), which will help gather useful information to prevent other users from falling for this type of fraud. It is also important to block the sender and delete the message from the email inbox or the SMS message list on the mobile phone.
On the Consumo Responde website, there is a specific cybersecurity section where you can access the latest warnings to citizens from INCIBE.
