A practical example of phishing

The Tax Return campaign usually starts with a wave of fraudulent emails impersonating the Tax Agency that try to deceive users to steal personal data or infect computers and mobiles with a virus.

It is the Police that usually send the alert. Typical Tax Agency phishing cases consist of the following:

  • An email with the State Tax Administration Agency (AEAT) as the sender.
  • Mail subject: "Tax refund message".
  • In the text of the email there is a link to a web page that pretends to be that of the AEAT, with a form requesting data with the excuse of returning a certain amount of money (Name, Tax ID code , card number, expiration date, PIN code, date of birth).

It is not the first time that cybercriminals have attempted to steal personal and banking data by posing as the Tax Agency, and social engineering is a system that is still effective and many users fall for it.


  1. Do not open emails from unknown senders or those that contain strange attachments.
  2. Take care when clicking on links in emails. It is always better to write the URL directly into the browser to reach the website we are looking for.
  3. Be very careful when downloading attached files, even if sent by a known contact.
  4. Pay attention to the format of the mail. Although cybercriminals are increasingly sophisticated in their techniques, there are still clues that should make you suspicious: grammatical errors in the text, misspellings, or urgent messages are the most common.

Follow these tips on all your devices: whether you have a business computer and mobile phone, or on the computer equipment you use at home.

If you have fallen victim to this phishing attack and have filled in the information, we recommend that you contact Superlínea so that they can advise you on the appropriate measures to take for your protection: 915 123 123

You might be interested in