Where to do it and how to avoid being targeted by cybercriminals

This Wednesday begins the period to present the income statement of the income obtained in 2021 via ‘online’, an occasion that many cybercriminals take advantage of to execute so-called ‘phishing’ attacks.

To proceed to make the income tax return in this first period virtually, it is necessary to connect to the website of the Tax Agency Headquarters and access the Draft/declaration processing service.

In the first place, the taxpayer must use an identification system, be it a recognized electronic certificate, a [email protected] PIN or a reference number.

It should be remembered that there is an ‘online’ help service to process and submit the income tax return called Renta Web, a simulator that does not require identification previous or valid fiscal data of the users.

Another option available to file the income tax return is from the mobile phone and through the Tax Agency application, available both at App Store like in Play Store.

In this case, also ID needed either by electronic DNI, electronic certificate, reference number or PIN code.

The latter has its own application, so that, in order to proceed with identification using the PIN Code, it is necessary to download it before starting the declaration on the Tax Agency platform.

The application presents, like the web version, different sections. One of them is called Processing of draft/declaration, where I know they must include the necessary data to start the process.


On the occasion of the start of the 2021 Income Tax Return campaign, cybercriminals take the opportunity to start their own ‘phishing’ email campaigns supplanting organizations such as the Ministry of Finance.

Recently, the computer security company Bitdefender has identified a similar technique, based on sending ‘spam malware’ via email and aimed at European users that uses false requests to claim payment of taxes.

Attacks can also be produced using the ‘vishing’ technique or fraudulent phone calls of people who claim to work for the Treasury and try to convince victims to offer them personal data.

From the company specialized in automated and integrated cybersecurity solutions, Fortinet, they ensure that the main objectives of the ‘hackers’ are small business owners, new taxpayers under 25 and those over 60.

This is because fraudsters think that these people may be less informed about tax policies, so they may be more vulnerable to manipulation and deception.

In order to stop these attacks, Fortinet advises look for grammatical and typographical errors in suspicious ‘phishing’ emails, which often include easy-to-identify typos.

However, they recommend being suspicious as a rule of any unexpected email or phone call that claims to be from the Treasury or other government agencies. In case of doubts about a call, the ideal is to contact the Internet Security Office.

It is also not advisable to share personal information such as Social Security number or credit card information, both by phone and by email.

By Editor

Leave a Reply