A common example of Income Tax fraud

At the start of an income tax season, it is common to see a rise in deceptive communications that mimic the Tax Agency. These fraudulent attempts aim to deceive recipients into divulging sensitive personal data, banking credentials, or even implanting malicious software on their mobile devices.

Frauds that exploit the Income Tax campaign as a pretext are alarmingly prevalent. In fact, even the national security forces and bodies have taken to social media to caution the public about such schemes. In general, cases of phishing, smishing and vishing purporting to be from the Tax Agency consist of the following:

  • A message sent by email, SMS or phone call with the State Tax Authority (AEAT) as the sender.

  • The subject is a tax refund or a critical non-payment situation, with a request for action to solve the problem.

  • The emails and SMS messages typically contain a hyperlink leading to a webpage that appears to be the official AEAT website. The page displays a form requesting sensitive information such as name, tax ID number, card number, expiry date, PIN code, and date of birth. Individuals perpetrating online scams might also request sensitive banking information such as account numbers, or attempt to reroute users to payment or login portals in order to compromise their login credentials. Alternatively, they may ask you to download an attachment infected with malware, such as ransomware or Trojans that steal bank data.

Year after year, there has been a surge in cybercriminals' attempts to steal personal and banking data by impersonating the AEAT. These cybercriminals use a range of sophisticated social engineering techniques, such as spoofing (impersonating the sender shown on a communication) or pharming (falsified corporate images on fraudulent websites).


  1. It is advised to exercise caution while clicking on links in emails or SMS, particularly those with sensational or enticing subject lines, even if the sender appears to be a known contact. It is important to keep in mind that reputable companies and organisations typically do not send login links to their users.
  2. Minimising the risk of falling prey to spoofing scams requires a proactive approach. It is highly recommended to manually type the URL into your browser's address bar to access the website you are seeking, rather than clicking on links that may redirect you to a potentially fraudulent site.
  3. It is highly recommended to exercise caution when downloading attachments and to always verify the authenticity of the communication. It is important to keep in mind that most reputable companies and organisations typically do not send unsolicited attachments.
  4. Pay attention to the format of the communication. Despite the ever-evolving tactics employed by cybercriminals, there are still telltale signs that warrant your attention. These include a sense of urgency or alarm conveyed in the message, senders from whom you do not typically receive correspondence, grammatical and spelling errors, abrupt and pushy calls, procedural inconsistencies, etc.

Follow these tips on all your devices: the company computer, your mobile phone, and all the computer devices you use at home.

If you have encountered a fraudulent communication purporting to be from the AEAT and have shared the requested data, we strongly advise you to contact Superlínea for expert guidance on the appropriate measures to ensure your protection: 915 123 123.

  • Remember that you can forward suspicious emails claiming to be from Santander to phishing@gruposantander.es and suspicious text messages claiming to be from Santander to 638 444 542. For further information, please contact Superlínea on 915 123 123.
