Skip to main content

List of frauds detected

Skip information index

Online: false websites and phishing

Attempts at fraud refer to alleged tax refunds or reimbursements, through the sending of mass email communications in which the identity and image of the State Tax Administration Agency, or the identity of its management staff, are impersonated. These scams often refer to some information which must be provided to get the tax rebate.

In these fraudulent emails, known as “phishing”, refers to a non-existent tax refund in which the person receiving the email benefits. In order to receive the money, the recipient has to go to a website where they are asked to give their bank account and credit card details.

The aim of the criminals is to steal the victim's personal or banking data, either by sending them to a fake website that impersonates the Tax Agency or by making them download files containing viruses.

Do not pay attention to these messages, they are an attempt at fraud by impersonating the image of the Tax Agency.

This is not the first time that this type of fraudulent email has been used. For this reason, raising awareness and informing citizens is essential. We recommend:

  • Do not open messages from unknown or unsolicited users, delete them directly.
  • Do not reply to these messages under any circumstances.
  • Be careful when following links in emails, even if they are from known contacts.
  • Be careful when downloading email attachments, even if they are from known contacts.

The Tax Agency reminds that the best measure is prevention against suspicious communications that include requests for bank details.

The Tax Agency reminds you that:

  • Never request confidential, financial or personal information, account numbers or card numbers via email, or attach attachments with invoice information or other types of data.
  • We never pay rebates via credit cards or debit cards.
  • We never charge for the services we provide. The person who uses them will only assume the shared cost of calls to 901 telephones.

See examples of these Tax Agency impersonation campaigns New window

The Tax Agency is the owner of the website comprising the Portal (domain name: “www.agenciatributaria.es”) and the e-Office (domain names: “sede.agenciatributaria.gob.es”, “www.agenciatributaria.gob.es”, "www1.agenciatributaria.gob.es", "www2.agenciatributaria.gob.es", "www3.agenciatributaria.gob.es", "www6.agenciatributaria.gob.es", "www8.ia.agenciatributaria.gob.es", "www9.agenciatributaria.gob.es", "www10.agenciatributaria.gob.es", "www12.agenciatributaria.gob.es", collectively referred to as the “AEAT website”).

Always keep in mind that any Tax Agency procedure that involves a payment will be carried out through the AEAT website and under secure e-commerce conditions.

Also, the Tax Agency expressly prohibits the use of frames or any other third-party mechanisms that alter the design, the original configuration or content of any of the domains described in this security notice.