Treasury warns about fraud with income tax returns

Taxpayers are once again the target of cybercriminals in the current income tax campaign, in which a new scam has been detected that aims to take over the personal and banking data of potential victims. The ploy consists of sending SMS informing that an alleged refund of personal income tax for the year 2023 has been ordered.

The text message, similar to the one you can see below, contains a link to a fraudulent website that impersonates the Tax Agency and urges its recipient to click on it if they want to obtain “more information.”

When the victim enters the address, they are asked through forms to enter their personal and banking information. “So far, several types of messages with the same purpose have been detected, which include some spelling errors and an unofficial URL from the Tax Agency,” the National Cybersecurity Institute (INCIBE) states.

The entity, which warns that incidents related to computer security are on the rise, also warns that scammers try to appropriate other people’s property through methods other than sending text messages (smishing), such as email. (phishing) and phone calls (vishing). Likewise, it reports that there have been specific cases in which taxpayers “realize that they have been victims of fraud because cybercriminals have used their personal data to register with betting houses and, when submitting the income tax return, , they are asked to declare the profits they have obtained.”

To prevent taxpayers from ending up with empty accounts, far from depositing treasury money, the Treasury has launched a notice in recent hours reminding that the Tax Agency never requests confidential, economic or personal information, account numbers by email or SMS. neither card numbers nor attachments with invoice information or other types of data. It also does not make refunds to credit or debit cards or using Bizum. Finally, it clarifies that it never charges any amount for the services it provides.

In this case, it is advisable not to download documents or files attached to the email or click on the links. “If you have received a text message with the mentioned characteristics, but you have not accessed the attached link, we recommend that you block the sender and delete it from your inbox,” INCIBE comments. But if it is too late and personal and banking details have been provided, the victim will need to capture and store all evidence. For this, online witnesses can be useful, tools that allow you to certify the content of a specific website or the sending of an email at a specific time. They also advise doing egosurfing – searching for information about yourself on the internet – for a few months to ensure the security of personal and banking data.

In addition, they advise reporting the fraud to the State Security Forces and Bodies and reporting what happened through this form from the Tax Agency and this email incibe-cert.es.

Exit mobile version