Every spring, with the arrival of the income campaign, a much less visible parallel machinery is also activated: that of fraud attempts. Cybercriminals take advantage of the volume of procedures, the urgency to meet deadlines and the familiarity with fiscal terms to supplant the administration and deceive thousands of taxpayers.
The Tax Agency (AET) has been warning of these risks for years. In its latest statement in this regard, it insists on a key idea: the AET never requests confidential information (such as account numbers, passwords or sensitive personal data). through unverified emails, SMS messages or phone calls. However, many of the most effective scams are based precisely on simulating these channels.
One of the most common methods is phishing, in which the user receives a seemingly legitimate email which informs you, for example, of a pending tax refund. The message usually includes a link that directs to a web page that imitates the aesthetics of the official electronic headquarters. There, the user is asked to enter their banking details or access credentials. The result is immediate: the information passes into the hands of the attackers.
A similar variant is the smishing, which uses SMS messages instead of emails. In these cases, the text is usually shorter and more urgent: a supposed rent notification or a notice of incident that requires immediate action. The included link also redirects to fraudulent pages designed to capture data.
Telephone fraud campaigns have also been detected, in which scammers pose as employees of the Tax Agency. Sometimes, They even manipulate the caller ID to make it look like an official number. During the conversation, they try to obtain sensitive information or induce the payment of supposed non-existent debts.
There are, however, signs that allow you to identify these scam attempts. The messages usually appeal to urgency or fear (threats of sanctions, blocking or loss of refunds), contain grammatical errors or slightly modified web addresses, and in many cases use domains that do not correspond to the official of the Tax Agency.
The general recommendation is clear: Do not access links received by email or SMS if their authenticity has not been previously verified. Instead, it is advisable to enter the electronic office directly by typing the address in the browser or using the official application. If you have any questions, it is preferable not to provide information and consult official channels.
Furthermore, the Tax Agency remembers that Your important notifications are made through official means, such as your electronic headquarters, sending letters to the registered address or other certified communications.and that never requires immediate payments through unusual methods, such as urgent transfers or prepaid cards.
In a context in which digitalization has simplified many procedures, it has also expanded the attack surface for fraud. Prevention, in this case, does not depend so much on advanced technical knowledge as on basic habits: be wary of urgency, verify the origin of messages and remember that, in tax matters, the administration never improvises channels or requests sensitive data unexpectedly.