"Dear Mrs. Rodríguez, we send you your tax receipt of the income statement made." "Mr. Pérez, we inform you that in order to make the income statement for the 2021 financial year, you must update your data by accessing the electronic office. We provide you with the link so you can update your data. «Your bank has not been able to make the payment of the corresponding taxes after making your declaration. Please go to the headquarters to check that the bank details are correct. Messages like these (whether by mail, SMS, WhatsApp or phone call) are some of the baits launched by cybercriminals during the rent campaign. To avoid falling into the trap, our main tool is distrust and being attentive to some key points, as both banking entities such as Caixabank and the Internet Security Office (OSI) remind us.

Many times, the domain of the email address that sends the mail is very similar to the official one and there are even times that cybercriminals manage to supplant the legitimate one. For this reason, as Caixabank underlines, this cannot be our only indicator to know if it is a truthful email.

What can serve as a clue is to bear in mind that in the case of taxpayers in the Basque Country, unless they have had their residence outside the autonomous community, who must contact them is their respective Foral Treasury and not the Tax Agency or the Ministry of Finance and Public Administration.

Ask yourself if the administration or entity that supposedly sends you the message would request that information by the means by which you received it. Neither the Treasury nor the banks nor the electricity or telephone companies request or send personal data through these channels. What the Tax Agency or the Regional Treasury do use email or SMS messages for is to inform you of the status of your return or notify you that you have a notification at their electronic headquarters. Since you can consult this information through the official website, ignore the message and its links, just in case.

It can also give us clues. They usually try to create a sense of urgency or importance to encourage us to fall into fraud. Oh, and if you see misspellings and typos, throw it away with no regrets. Although fake emails are getting better and better written, these errors are a clear indication of fraud.

Fraudulent messages often contain attachments or links as bait for their scam. Never open any suspicious link or document. In the event of any communication related to our personal or banking data, it is best to ignore the message, not download any attached file and, to find out if there is indeed an official body trying to contact us, contact the alleged sender by searching the Internet for their citizen service channels. without ever using the links or phone numbers that appear in the message.

The Treasury has your bank details and knows which accounts you operate with, so it does not charge returns through cards (neither credit nor debit) or through Bizum.