The Tax and Customs Authority (AT) warns of new fraudulent emails circulating in its name, one of which includes a link to a page mimicking the authentication on the Tax Portal.
In a notice published on its website on Wednesday, the tax administration notes that “some taxpayers are receiving messages supposedly from AT, requesting them to click on provided links.”
The messages “are false and should be ignored,” states the AT, explaining that these are phishing attempts aimed at convincing email recipients to access “malicious pages by clicking on the suggested links” or make “improper payments.”
In this warning, the AT presents images of some fraudulent emails and fake pages designed to resemble AT’s platforms.
One such imitation mimics the AT’s site authentication service through Digital Mobile Key, a login option requiring a mobile phone number and a personal code linked to this official state feature.
The AT’s alert comes days after it introduced a second authentication factor on the Tax Portal, via mobile number linkage, allowing AT to send a verification code required following the NIF and password entry on the site.
Additionally, other fraudulent messages with a similar nature are also circulating, though such occurrences are regular.
In one situation, the recipient receives a payment reference for purportedly settling an amount owed to AT—one example requiring a 291-euro payment.
This false message states a “pending payment” of a tax for the last fiscal year has been identified, urging the supposed taxpayer to clear the amount within two days.
Another message instructs the recipient to update IRS declaration details submitted in early July, even though the legal submission deadline was June 30.
Furthermore, an email claims a legal proceeding exists, encouraging recipients to click on a link by stating that the complete notification content is attached and requires a password to open.
Text message scams also target citizens, with one alleging the recipient “has an outstanding debt” and should resolve it at the sent link to avoid “seizure proceedings.”
In another case known to Lusa, a message purports to come from a fake “National Proceedings Office” of AT, with an email ending “@santorini.com.co.”
In the same online notice, AT advises citizens to refer to the “Information Security leaflet” available on the Tax Portal, though the document link is not provided on the webpage.
To find it on AT’s site, two methods are suggested: typing “Information Security leaflet” in the search bar and selecting the first result in the “information” section; or clicking “Taxpayer Support” on the website’s sidebar, followed by “Useful Information,” “Informative leaflets,” and finally “Information Security.”
In this leaflet, AT urges citizens to always verify and not respond to suspicious messages, avoid clicking on links, refrain from downloading or opening files, and never provide “login credentials for the Tax Portal.” It additionally suggests deleting messages “from unknown sources or with dubious content.”
