we will explain how it works and how to identify the fake payment SMS scam from the Tax Agency, which, coinciding with the 2021 Income campaign, may have reached your mobile to make it seem realistic. This is a fairly unsophisticated type of SMS scam, but although it is easier to detect than other times, it is always good to remember how they work so that no one can fall for them.
For this reason, we are going to try to provide you with as much information as possible in this article. We will start by telling you what this type of scam is and how it works. And then we’ll tell you how can you spot this particular scam of the others, since in addition to the classic signs of this type of scam there are a couple of specific things related to the words that are used that can also help you with other scams related to the Treasury.
What are these types of scams
These types of SMS scams can be called in two ways. On the one hand, it is a type of attack known as phishing, which means fishing. It’s a pretty descriptive name, because what you do with these attacks is send “hooks” or trap messages by SMS or email en masse, with the idea that some unsuspecting user ends up biting and itching.
But within the family of attacks from phishing, we can say that this particular one is a smishing attack. Your name means SMS phishing or fishing via SMS. So, as you guessed, it’s the fishing method that cybercriminals use by sending the hooks via text messages, usually posing as real companies or entitieswith the intention of stealing your data or infecting your devices.
In this particular scam, the sender poses as a post office telling you there is a payment you need to make. They do it by means of an SMS in which they attach a web address that takes you to the attacker’s pagewhich is where you are invited to fill in your payment details in order to steal your money.
In the case of this specific attack, the attackers impersonate the Tax Agency, although without using sophisticated SMS spoofing techniques, which are the ones with which they falsify the sender of the SMS. Here, you will see directly that it is a normal phone number, although with the text they try to mislead you. However, it is worth mentioning that it is possible that at some point this scam could evolve to spoof the sender as well.
How does this deception work?
The mechanism of this scam is quite basic and simple. Simply, You will receive an SMS in which you are told that they are writing to you from the Tax Agency. In this message, they try to make you believe that you have pending collection of money, which they say is a “tax refund”, something that does not really exist.
Therefore, the hook is to try to make you believe that you are going to make money, something that never hurts even if you don’t understand the reason. To do this, they offer you a link with a form to receive the money. This link will take you to a fake page designed by the attackers to enter your card details. Not the necessary data for you to receive money, but their complete data as if you were going to make a payment… which in the end is what they want, to use this data to spend your money.
Fortunately for everyone, in the version of the scam that has reached us, the message contains language that Hacienda would never use, and the form you are taken to should make you suspicious if you usually make and receive payments online. Also, if you look closely you will see that you have been taken to a Russian page.
Unfortunately not everyone has this knowledge, so some people might not be able to identify the scam welland there is always a chance that someone will end up entering their details in the form and seeing that someone has made a large payment with their card and without their permission.
How to avoid this scam
To avoid this scam, there are several points to keep in mind. First, The Tax Agency will never send you an SMS if you have not activated the option to receive them on its official website. Therefore, if you have not entered the Tax Agency website and you have not requested that the notifications reach you by text message, you should be suspicious of any message that you receive saying that it is them.
In this regard, it is advisable always distrust any SMS that asks you to enter a link to do any type of management. It does not matter if it is because your house is on fire or if money has been stolen, do not bite, do not enter that link. If the link has a shortened URLthen the suspicion always has to be double or triple.
Secondly, The Treasury would not send you a message like this if you have not made the Income Statement, in which case you will already know if it comes out to pay or to return. In my case it has come out to pay me, so it is not very effective to make me believe that I have to receive money. And if you haven’t made the statement yet, it’s obvious that you can’t get an SMS like that.
And even if you have, Treasury will not send you an SMS to send you the payment, since they already have your bank details that you have given them when you make the declaration. But it is that the Treasury will not do other things that appear in the message.
If you look carefully, this message has words and terms that the Tax Agency will never use. In Spain, no entity is going to “qualify” for a refund, that word simply isn’t used, so it’s possibly a mistranslation from some online translator.
The SMS also says that they are going to give you “a tax refund”. This is not a supermarket nor will you be refunded an Amazon payment, so Hacienda will never use words like refund. The Tax Agency can request a refund or payment, but not a refund.
And if you make the mistake of entering the SMS website, there is also several things that should catch your attention immediatelyboth in this specific scam and in any other that takes you to a similar website.
First of all, you should always look at the URL of the website to which you are sent. In this case, you will see that It is not the official website of the Tax Agency, and in fact does not even use a Spanish domain .es, but a Russian domain .ru. You can already guess from this that it is possibly a Russian website.
And then there is the data that is asked of you. The data of the expiration date and security code of your card are only requested when making payments with it, since they are not necessary to receive money. Therefore, if you are asked in any online form, you should know immediately that the intention is to use your card to make payments with it. In other words, they want you to pay them. They want to rob you.
George is Digismak’s reported cum editor with 13 years of experience in Journalism