Recently, fraudulent email campaigns have been detected that impersonate the identity of the State Tax Administration Agency (AEAT). These messages inform about a supposed notification at the unique Enabled Electronic Address (WOW) and urge the recipient to access links that, in fact, lead to websites controlled by cybercriminals. The main goal is to infect devices with the Grandoreiro banking trojan, Designed to steal banking credentials and other sensitive information.
The National Institute of Cybersecurity (INCIBE) has issued a high-profile alert about this phishing campaign, highlighting that there are several versions of the email that seek to trick users into providing personal and banking details. In addition to email, the spread of these frauds has also been observed through SMS messages, Technique known as smishing.
The Tax Agency has reiterated that it never requests confidential information, economic or personal, account numbers or taxpayer card numbers via email or SMS. That is why, It is recommended not to attend to these messages and, When in doubt, access directly to the official website of the Tax Agency to carry out the appropriate checks, avoiding links that could be included in these fraudulent messages.
To protect against these types of threats, It is essential to keep security systems and solutions up to date on all devices, as well as be alert to unsolicited communications that require urgent action or provide suspicious links. Raising awareness and informing citizens are essential to prevent fraud that seeks to compromise the financial and personal security of users.
Fountain: Digital Shield