Tax Agency warns of new phishing cases
As on previous occasions, we have detected the arrival of fraudulent emails related to notification notices trying to impersonate the identity of the State Agency of Tax Administration and the Single Enabled Electronic Address (DEHU) under the appearance of legitimate domains (agencia.tributaria.es, dehu.es), which do not correspond to the real domains of these services. Moreover, in these emails, the content refers to supposed postal notifications or notifications of pending payments. An example of this type of email is shown below: From: noreply.dehu@correo.gob.es <noreply.dehu@correo.gob.es
>
Sent on: Saturday, 21 September 2024 13:51 To: **** Subject: Sending: Courtesy notice of a new electronic notification We inform you that a new notification is available with the following data:
- *** S.L. with NIF/NIE: ****** as Holder
- Issuing Agency: Agencia Estatal de Administración Tributaria, with DIR3: EA0028512
- Identifier: 2459231308792
- Expiring on: 09/27/2024
- Concept: Administrative notification
How you can access: This notification can be downloaded from the Single Enabled Electronic Address (DEHÚ) of the General Access Point, available at: https://dehu.redsara.es. For your convenience, we provide a direct link to the notification: https://dehu.redsara.es/notificaciones-pendientes/2459231308792/ver. You can also access the Notifica app on your mobile device:
- iOS: https://apps.apple.com/us/app/deh%C3%BA-notifications/id6450259609
- Android: https://play.google.com/store/apps/details?id=es.gob.dehu&hl=es_ES
Know that: In accordance with the provisions of Articles 41 and 43 of Law 39/2015, of October 1, of the Common Administrative Procedure of Public Administrations, the acceptance of the notification, the express rejection of the notification or the presumption of rejection for not having accessed the notification during the period of making it available, will consider the notification process to have been carried out and the procedure will continue. You may receive this notification by various electronic means or even on paper by post. If you access the contents of this notification by more than one of these means, please note that the legal effects, if any, always start from the date of first access. This is a courtesy notice sent from the single Enabled Electronic Address. At any time you can access, rectify or delete email addresses through the form available at https://dehu.redsara.es/contacta. Government of Spain The Tax Agency insists that it never requests confidential, financial or personal information, account numbers or card numbers of taxpayers by email or SMS, nor does it attach attachments with invoice information or other types of data. In the case of the Tax Agency, always remember that in order to avoid falling into this type of fraud, if you access through a link received by e-mail, confirm that the domain of the pages you are accessing is agenciatributaria.gob.es. In the Electronic Headquarters of the Tax Agency you can consult examples of messages sent by false e-mails impersonating the identity of the Tax Agency detected in 2022. Do not pay attention to these messages, it is an attempt of fraud supplanting the image of the Tax Agency. As in other campaigns of this type, the victim is encouraged to click on a link that will redirect him to a malicious web page, very similar to the legitimate one, where, if he enters his data, these will be in the hands of the cybercriminals. In this case, the cybercriminals ask for your ID card or even your electronic certificate in order to be able to access the notification. In case cybercriminals get hold of this information, they could use it for future frauds by impersonating the identity. If you have received an email like the one described in this notice, it is recommended that you delete it directly and report it to the IT team so that they can take the necessary steps to block it and to other employees to avoid possible victims. If you have accessed the link and entered the data:
- Be alert to possible subsequent contacts. Having provided your name and ID number, it is possible that cybercriminals may try to obtain other information.
- If necessary, consider revoking and obtaining a new digital certificate.
- Scan the computer using an updated antivirus.
Remember that, in the event of any suspicion, it is preferable not to access any suspicious links or download files from unreliable sources. Phishing is one of the cyber-attacks that most affect companies. You can contact this professional firm for any questions or clarification you may have in this regard. Best regards.
