New scam related to the Tax Agency
The user receives an email that is supposedly from the Tax Agency, and asks for their personal data to return money
The Mossos have recently warned of a new scam that aims to keep the personal data of users. This new phishing campaign sends fraudulent emails that supplant the Tax Agency. In the false e-mail informs the taxpayer that he is entitled to an alleged economic reimbursement. In the mail a link to a web page appears with a form where the user's personal and bank details are requested.
Following this new scam, which affects all users who have filled out the form, the Office of Internet Security recommends not entering more personal data, bank, or mobile phone number on pages of doubtful reputation, which do not inspire trust. Especially if the user has not requested this information.
How to detect the scam
In the specific case of the mail scam sent, supposedly, by the Tax Agency, is identified with the subject «New Message | [Numerical Code] ». Inside the mail, the recipient is informed that a reimbursement of 350.61 euros is due and to claim them it is necessary to complete a questionnaire. If the link is clicked, the user is redirected to a web page that supplants the identity of the Tax Agency. The page does not have a digital certificate, but the form, to deceive the user, indicates that it is a safe place.
The page contains a form in which the user's personal data, financial data and access data of the Tax Agency are requested. Once the data has been entered, the page displays the message «Please wait while we process your request. Please wait and don't close the window ». Finally, the page indicates to the user that an SMS has been sent with a confirmation code, which must be entered once received.
What to do if affected
Once the user has been affected, the Internet Security Office alerts that the steps to follow are: periodically monitor what information you circulate on the Internet to detect if your personal data is and in case it is necessary to follow the guidelines of the Spanish Agency for Data Protection to make use of the rights of access, rectification, cancellation and opposition they offer.
In addition, if bank details have been provided, the bank should be contacted directly to take the corresponding security measures, avoiding additional charges. And in case of doubt you can contact the agencies involved, in this case it would be to contact the Tax Agency to know if it is a scam or not.