If you receive a message from the Tax Agency in your email, be careful because it could be someone trying to steal bank information. As the OSI or Internet Security Office has discovered, this phishing campaign encourages the victim to prod on a link that appears in the email to redirect the victim to a fraudulent web page.
Specifically, the email arrives in the name of the Tax Agency, but the email has nothing to do with this entity, but is: firstname.lastname@example.org. This should already make you suspicious. In the body of the message, the alleged Tax Agency says that:
We send this e-mail to publicize the following:
After the last calculation on tax activities, we have decided that you are entitled to a tax refund in the amount of € 469.00
To receive said refund, complete and send the form of the tax to be returned.
After this two links. One to access the return of that money. Other link to access more information about the Tax Agency. In addition, the mail is signed by the Spanish Tax Agency.
Already on the web, they request personal information and that of our credit card through forms. Supposedly, You enter your bank information and the Tax Agency returns the money to you of the rent indicated in the email. But in reality, that information can be used to steal your money.
What to do if you have already fallen into the trap
If you have received an email of these characteristics, you have accessed the link and provided your credit card details, contact your bank as soon as possible to inform them of what happened and that they can block any access to your account that is strange.
In addition, they explain from the OSI, you should in the future "remain attentive and periodically monitor the information that is published about you on the Internet to prevent your private data from being used without your consent." Come on, what's going to touch you, from time to time, put your name in Google to search for you (the so-called egosurfing or egocentric navigation).
And what can you do if you find information about you on the web in the future that you have not published? Well you should exercise your rights of access, rectification, opposition and deletion to the processing of your personal data. To do this, you have at your disposal the Spanish Data Protection Agency that offers you guidelines to carry out this process.
These frauds are common during the months in which you have to make the income statement. These campaigns appear practically every year created to steal bank information and money. You just have to be attentive and bear in mind that, although the processes can be done online, this entity will not manage your returns by email.