Lorraine Williamson
Spain’s National Cybersecurity Institute (INCIBE) has sounded the alarm over a surge in phishing and smishing attacks posing as the Agencia Tributaria (AEAT). Fraudsters are sending emails and text messages that imitate official tax notifications in a bid to trick recipients into revealing sensitive personal and banking details.
The fraudulent messages claim there is an unpaid tax debt, a filing error for 2024, or a pending refund, urging the recipient to click a link for more information. At first glance, the communications look professional, complete with AEAT branding and formal language. However, a closer look reveals tell-tale signs such as minor spelling errors in SMS texts or sender addresses that bear no relation to the genuine agenciatributaria.gob.es domain.
Anyone who clicks the link is taken to a fake AEAT website that mirrors the layout of the real one. Victims are then prompted to log in, enter personal identification details, and supply credit card information, handing valuable data directly to criminals.
Common traps
INCIBE reports that the fraudulent emails often carry subject lines such as “Official Notification: Approved Tax Refund”, “Overdue Tax Obligation”, or “Agencia Tributaria Notification”. The messages are designed to create a sense of urgency, increasing the likelihood that recipients will act before thinking.
Immediate action
If you receive a suspicious message but have not clicked on the link, INCIBE urges you to report it to their incident mailbox, block the sender, and delete the email or text. Anyone who has already entered personal or banking information should contact the INCIBE Cybersecurity Helpline for tailored advice and alert their bank to block cards and prevent unauthorised transactions. If a copy of your ID was shared, it is essential to renew your DNI to prevent identity theft. Victims are also advised to keep evidence such as screenshots and malicious links, file a police report, and regularly search their own name online to check whether personal data is being misused.
Crypto scams
Staying Safe
Phishing and smishing campaigns often spike during tax season, exploiting public trust in official institutions. Always verify unexpected messages through the official Agencia Tributaria website or customer service channels before clicking any link or sharing personal information.
Cybercrime in Spain continues to evolve, but careful scrutiny and prompt reporting can help stop these scams from spreading. By staying alert and questioning anything that feels rushed or unusual, taxpayers can protect themselves and prevent others from becoming victims.