With the opening of the deadline for submitting the income statement, Spanish citizens can already access their fiscal data through the mobile application and the electronic headquarters of the Tax Agency. However, this technological ease has also triggered an increase in digital fraud attempts, cybersecurity experts warn.

The ProofPoint company, specialized in computer security, warns about the rise of attacks designed to deceive taxpayers and steal confidential information. And, every year, cybercounts take advantage of the rental campaign to intensify their Phishing strategies and identity impersonation. According to Proofpoint, since the beginning of 2025 a notable increase in malicious domains that are passed through tax agencies and financial entities have been registered in order to deceive users.

The methods used by scammers range from emails and fraudulent text messages to false telephone calls. “The fiscal issue is always a popular claim for cybercriminals, especially in times of tax declaration. We have detected a significant increase in these campaigns worldwide,” explains Selena Larson, senior intelligence analyst on threats in Proofpoint.

Deception tactics and new attack strategies

In recent months, attackers have perfected their methods to make their fraudulent messages more difficult to detect. One of the recent strategies identified is the use of legitimate platforms, such as Revolution, to send false payment requests and evade traditional security systems. Unlike Phishing’s classic methods, where the goal is to obtain access credentials, these new tactics seek to directly deceive users to make fraudulent transactions.

In addition, malicious emails detected by ProofPoint contain attachments or attachments that can install malware on victims devices. Among the most common threats are programs such as Rhadamanthys, Zgrat, Metastealer and Xworm, capable of stealing financial information and access credentials.

Alert if you receive a message from the Treasury: Supplant cyberfrauds could return to this rental campaign

How to protect yourself from digital tax fraud

To minimize risks and avoid falling into these deceptions, ProofPoint recommends following a series of caution measures:

  1. Training and awareness: It is essential that users learn to recognize emails and fraudulent messages. Detect alert signals, such as grammatical errors, suspicious email addresses or unusual requests for personal data, can be key to avoiding a scam.
  2. Verification of official sources: Before responding to a message or clicking on a link, it is advisable to directly verify with the Tax Agency or the corresponding financial entity if the communication is legitimate.
  3. Use of security tools: Implement advanced safety solutions, such as email filters and URLs analysis, can help block threats before they reach the user entry tray.
  4. Information access control: Companies and organizations must limit access to sensitive data only to authorized users and monitor any suspicious activity in their internal systems.
  5. Assume that human error is inevitable: Cybercounts constantly seek new ways to exploit human vulnerability. Therefore, in addition to training, companies must have a quick detection and response systems to minimize the impact of possible attacks.

A global threat that requires constant prevention

Digital fiscal fraud is not limited to Spain. The company indicates that these tactics have been observed in multiple countries during their respective tax seasons. “The attackers use the urgency and pressure of fiscal terms to deceive people, creating credible stages of fines, sanctions or problems with their statements,” says Larson.

Given this panorama, the best defense remains information and prudence. Avoid providing personal data by non -verified channels, distrusting messages with urgent applications and reporting fraud attempts to the relevant authorities are essential steps to protect themselves in this income campaign. Cybersecurity is a shared responsibility, and prevention is key to avoid being a victim of these digital deceptions.

Alex Chen
Alex Chen

Alex Chen serves as the chief editor of Asia Tech Journal, bringing over a decade of experience in technology journalism. Previously writing for several globally renowned publications, Alex is celebrated for his insightful analyses and in-depth reporting on tech trends across Asia. Passionate about innovation, Alex specializes in the dynamic technology ecosystem of China and its global impacts.