This week the 2020 Income and Wealth declarations campaign, a process that will last until June 30 and in which security must be taken into account to protect against cyberattacks that seek to defraud taxpayers.
Just a day after the start of the campaign, it didn’t take long for the first threats related to Income 2020, and the National Cybersecurity Institute (INCIBE) has warned about a ‘malware’ that, posing as the Tax agency, act through an email with the subject ‘Fiscal action’ to steal personal data from users.
During the previous years, the Income campaign has been threatened by cyberattacks such as ‘phishing’, which supplant identity by digital means precisely with the aim of stealing information, as is the case with the ‘malware’ alerted by INCIBE.
The Tax Agency has in its Fraudulent Campaign Examples Web Portal mail in which your identity has been spoofed to scam citizens. One of these is precisely in relation to the income statement of last year.
This message read the following: “Irregularities have been detected in your income tax return for 2019. Attached to this message is your invoice with the deference you owe. Failure to make the payment on time may incur extra charges and fines “.
This type of message, similar to an official communication, provokes the fear of the user, who agrees to carry out the procedure that is requested. However, there is a series of indications that show that, indeed, it is a hoax, as Entelgy Innotec Security, Entelgy’s cybersecurity division, has collected.
The four most common clues begin with realizing if the sender’s domain is not the official one. In the example mentioned, The email is sent by [email protected], where the domain would be ‘Agencia.es’. However, as the AEAT collects on its portal, its real domain is ‘Correo.aeat.es’.
The second indication that it is a fraud is that the channel is not the one normally used. The AEAT never asks taxpayers for this type of information through this medium..
Likewise, another indicator that can lead to suspicion are the spelling errors. Typically ‘phishing’ emails include various typos. And as can be seen in the message, the word ‘declaration’ does not have an accent and ‘sworn’ is written as ‘sworn’.
The fourth indication that we are facing a ‘phishing’ attack is the presence of attachments to download in emails, or links that are requested to be accessed are included.
It is important to know that through both options the device from which the mail is being read can be infected. Therefore, if the user sees any of these cases (in the example what is required is to download an invoice), be wary.
Examples like this message are expected to be repeated throughout this year’s campaign. However, in case of doubt there is always the option of contacting the Agency directly through one of its official telephones (901 200 347, 91 757 57 77 or 93 442 27 64) and ask for the veracity of the received mail.
Eddie is an Australian news reporter with over 9 years in the industry and has published on Forbes and tech crunch.