The 2025 Income Tax campaign faces a surge in digital and telephone scams designed to steal personal and banking data from taxpayers. Cybercriminals have perfected their impersonation techniques to more accurately mimic the official language and formats of the administrations.
The Tax Agency, the National Cybersecurity Institute, and CaixaBank have issued joint alerts in response to this situation. Attackers use urgent messages to prevent verification by victims before acting.
Threats of sanction generate urgency in victims
The fraud modalities are based on creating a sense of immediacy. The criminals use peremptory deadlines, threats of fines, or promises of quick refunds so that the user does not hesitate or contrast the information received.
These fraudulent messages include malicious links or attachments. By interacting with them, those affected are redirected to fake web pages or install spyware that captures their access credentials and financial data.
"The Tax Agency does not request sensitive data by phone, SMS or email" - Tax Agency
The tax institution reminds that it never demands immediate responses under duress through these digital channels. Any communication that fails to comply with this rule must be automatically considered suspicious.
The increase in false calls to manage appointments
A notable increase in fraudulent phone calls has been detected. Scammers offer appointment management services or modification of the draft declaration using unofficial numbers.
This modality can entail additional costs on the phone bill or direct theft of personal information. Caution is essential when answering unexpected calls related to tax procedures.
The identification of fraud demands careful examination of the sender. It is essential to detect minimal differences in the mail domain or the official web address before providing any data.
Secure verification must be carried out by directly accessing the electronic headquarters of the Tax Agency. Users must manually type the web address into the browser without opening links or downloading files from dubious communications.