This week the 2020 Income and Wealth declarations campaign began, a process that will last until June 30 and in which security must be taken into account to protect yourself from cyberattacks that seek to scam to taxpayers.

Just one day after the start of the campaign, the first threats related to Income 2020 began to appear, and the National Cybersecurity Institute (INCIBE) warned about a ‘malware’ that, posing as the Tax Agency, acts through a email with the subject ‘Fiscal action’ to steal personal data from users.

During the previous years, the Income campaign has been threatened by cyberattacks such as ‘phishing’, which impersonate identity by digital means precisely with the aim of stealing information, as is the case with the ‘malware’ alerted by INCIBE.

The Tax Agency has on its web portal examples of fraudulent email campaigns in which your identity has been spoofed to scam citizens. One of these is precisely in relation to the income statement of last year.

This message read the following: “They have detected irregularities in your affidavit of Income corresponding to 2019. Attached to this message is your invoice with deference that should. In case of not making the payment on time, you can incur extra charges and fines“.

These types of messages, similar to an official communication, provoke the fear of the user, who agrees to carry out the procedure that is requested. However, there are a number of evidence showing that, effectively, it is a hoax, as Entelgy Innotec Security, Entelgy’s cybersecurity division, has collected.

The four most common signs They begin by realizing if the sender’s domain is not the official one. In the example mentioned, the email is sent by notice@agencia.es, where the domain would be ‘Agencia.es’. However, as the AEAT collects on its portal, his real domain is ‘mail.aeat.es’.

The second indication that it is a fraud is that the channel is not the one normally used. AEAT never ask taxpayers for this type of information through this medium.

Likewise, another indicator that can lead to suspicion are the spelling errors. Typically ‘phishing’ emails include several writing mistakes. And as can be seen in the message, the word ‘declaration’ does not have an accent and ‘sworn’ is written as ‘sworn’.

The fourth indication that we are facing a ‘phishing’ attack is the presence of attachments to download in emails, or links that are requested to be accessed are included.

It is important to know that both options can infect the device from which the mail is being read. Therefore, if the user sees any of these cases (in the example what is required is to download an invoice), be wary.

Examples like this message are expected to are repeated throughout the campaign of this year. However, when in doubt there is always the option to contact the Agency directly Through one of its official telephones (901 200 347, 91 757 57 77 or 93 442 27 64) and ask for the veracity of the received mail.