Emails, SMS and phone calls. This is how cybercriminals attack your income statement

• Economy How to request the draft of the Income Statement 2021

• Income Economy 2021-2022: Until when can the declaration be made?

The theft of banking credentials and personal data during the rent campaign marks a dangerous rising price in the cybercrime market.

The proliferation of fraudulent campaigns through the mass sending of

and

under a false sender has put various Spanish banking entities on alert.

The most common 'black market' method among network criminals lies in including within the message that users receive a link to a cloned page where, as a general rule, the taxpayer is requested a series of data in order to solve an alleged and attractive amount -does not usually require payment- in account with the public Treasury.

If the user accesses the website in question without noticing the scam and provides the required data, then they complete the scam.

that, subsequently, trade with everything harvested.

The cybersecurity experts consulted by this newspaper agree that, for the moment, there is no evidence that the Tax Agency requests bank credentials through emails or through text messages.

Therefore, they invite distrust of any type of information that is requested through these channels throughout the collection period.

Phishing, smishing and vishing

Behind these three anglicisms hide the white gloves that network criminals spend the most.

Phishing

is their favorite perch, it consists of sending massive email campaigns to the taxpayers' directory at collection times

In these, a supposed tax receipt to be settled with the Treasury is attached, indicating both the date of issue and the total to be collected.

Despite the fact that the letter sent to the inbox is sent by an official domain, it has numerous grammatical errors that should make it suspicious of its veracity.

Fake email WORLD

"What this method is looking for is to redirect people to a web page where they request the data. Sometimes, they do not even ask for the same data that they request on the official website. It is important to inform the citizen that the Tax Agency does not request this type of data through this type of channel", emphasizes

, director of the intelligence department of S23.

If in these times of calculator and Excel sheet you receive a proposal to modify your draft, certify that it is an official source.

Smishing consists

sending huge amounts of SMS including, once again, a link to a fake page run by cybercriminals.

In the same way as in attacks that occur through emails, all the data provided by the victim is copied to an attached server.

With much less frequency, cybercriminals also use the telephone channel to steal data through calls in which they pose as Tax Agency officials.

Vishing

uses the VoIP methodology together with social engineering processes to obtain information from those affected

Experts also warn that, as a result of the launch of the official application of the Tax Agency, there are several servers that offer a fake

that corrupts the device from which it is downloaded.

These have a modified code chain whose objective is to access the bank information and other belongings of the registered user inside the phone.

How do I protect myself from these attacks?

"The most important thing is that the users themselves are aware that the Tax Agency does not require data through these methods. They must carefully review the senders of the emails and must be aware of the URL, which is usually very different from the official one", emphasizes Lourdes Mora.

In the event that our device has already been infected by an external agent, it recommends a solution that is as simple as it is effective;

perform an integral sweep and reset the computer to zero.

Conforms to The Trust Project criteria

Know more