INCIBE and OCU warn: new phishing campaign using the Tax Agency and the 2023 income tax return

It did not take long. The filing period for the 2023 income tax return began on the 3rd, and we already have the first phishing campaign that tries to take advantage of it, as happens every year, to obtain users' personal and banking data.

The National Cybersecurity Institute (INCIBE) and the OCU have warned of this campaign, which belongs to what cyber-scam jargon calls smishing. This is a variant of phishing in which cybercriminals impersonate a particular organization or company and in which contact with the victim begins on the mobile phone, with the receipt of an SMS.

In this case, INCIBE has detected several types of messages with the same purpose. Among the examples shown are messages purporting to come from the Tax Agency and from Social Security. They tell the victim that a payment of 411 euros has been ordered as an alleged tax refund corresponding to the income tax return for the year 2023.

The message then includes a link that leads to a fraudulent website replicating that of the Tax Agency, where a form requests the following data: full name, credit card number, expiration date, CVV and even the PIN of the card, something absolutely irregular in any payment process.

Fraudulent website that impersonates the Tax Agency and even asks for the card PIN. INCIBE.

One of the SMS reported by INCIBE contains the following text: “TAX AGENCY: Payment of 411.00€ of your 2023 personal income tax refund has been ordered. More information on the website: (fraudulent web URL)”.

One of the SMS from the campaign detected by INCIBE. INCIBE.

Spelling errors also characterize the following example of this smishing campaign: “SOCIAL SECURITY: We inform you that the payment of €411.00 has been ordered. Of your refund of taxes paid. Refund in your favor of the TGSS 2023. Find more information on the page: (fraudulent web URL)”.

If you have fallen for the scam, the OCU recommends contacting the issuing entity of the card whose data has been stolen, saving evidence of the scam and reporting it to the State Security Forces and Bodies.