HQ/EMEAFind out how we can help your business
Spain’s Spanish Tax Agency “Agencia Tributaria” has become a recent target of a phishing campaign after malicious actors impersonated the tax agency to victimise people.
The threat actors initially send a fraudulent text message to their targets, notifying them about a tax reimbursement they allegedly have been qualified for. As instructed in the message, the victims must fill out a form on the tax agency’s website to register their information for reimbursement.
The victims are redirected to a fake website of the Spanish tax agency upon clicking the link attached to the fraudulent text message.
The victims are asked for sensitive details on the malicious phishing website’s form, including their credit card info, CCV, and PIN codes.
Upon the victim’s input of their credit card details, the website will show a prompt message saying that it is being processed. Then, the site will state that the victim will receive a code via text message to confirm the reimbursement. However, this code does not occur and is only a part of the fraudulent operation.
Based on investigations of the malicious website, the researchers said it does not display an interface that looks similar to the authentic one and lacks most of the real tax agency website’s functionalities. One of the observed errors in the malicious website includes not being able to change the language despite the option existing.
Security experts said that taxpayers must be wary of these scams as most of them could sound real enough to trick people.
Some of the recommendations to avoid being a victim of phishing attacks are to never click on links attached to emails and text messages coming from unknown senders, never engage in suspicious messages that require quick actions, review the website’s URLs to see if they match genuine sites, and activating a cybersecurity solution or software to protect your devices against phishing attempts and malware.
