22-03-2018 Cases of online phishing

As the beginning of the 2017 Income Tax filing campaign draws near, the Tax Agency detected several cases of attempted fraud involving the sending of emails or SMS messages containing malicious links claiming to offer tax refunds. These links are usually to fraudulent websites posing as the Tax Agency and requesting personal details and bank details such as credit card numbers and passwords.
As soon as the Tax Agency becomes aware of these fraud attempts, known as "phishing", it adopts the necessary actions to mitigate its effects and shut down all fraudulent links detected.
However, the first measure for combating "phishing" is to prevent users from providing personal or bank details as a result of suspicious communications and, in this regard, the Tax Agency:

  • Never requests confidential, economic or personal information by email, nor will it ever request your account number or card number by email.
  • Advises that you do not trust any communication in which you are requested to disclose confidential, economic or personal information or which contains a link that does not go to the Tax Agency website.
  • Recommends you view the Security Notice on the E-Office at https://www.agenciatributaria.gob.es/AEAT.sede/en_gb/Inicio/_pie_/_Aviso_de_seguridad_/_Aviso_de_seguridad_.shtml which warns of the different types of fraud attempts.


The Tax Agency is grateful for citizens’ collaboration in combating this type of fraud.