We are in the tax return period and, like previous years, an email has returned to circulation that could lead Italian taxpayers to fall victim to a new phishing attempt. Taking advantage of the logo and name of the Revenue Agency, cyber criminals send communications that appear to come from the well-known Italian tax government body, in which an alleged tax refund is promised linked to the 2025 tax return. Let’s find out a little more closely how the fake tax refund scam works and how to defend yourself.
How the fake tax refund scam works
The operation of the scam is based on a proven and, unfortunately, effective mechanism. The email sent by the scammers uses the logo, institutional colors and a tone that perfectly imitates that of the official communications of the Revenue Agency. The message invites you to click on a link to collect the refund, but the link leads to a fraudulent web page – which however was artfully constructed, faithfully imitating the graphics of the AdE portal – where you are asked to enter your personal data, including name, surname, tax code, residence address, e-mail address, telephone number and, obviously, also your credit or debit card details.
Recognizing the fraudulent nature of these messages requires a little attention on our part, but it’s nothing too complicated. Even if the communications sent by cybercriminals are increasingly similar to the original ones of the entities they are impersonating (such as the Revenue Agency in the case of this phishing attack), there are clear signs that should ring possible alarm bells. The most obvious one is the fact that the link included in the communication does not refer to the institution’s institutional website (i.e agenziaentrate.gov.it) and that the sender of the message is an email address that has nothing to do with that of the Agency.
How to defend yourself from the new email phishing campaign
To defend yourself from the fake tax refund scam, it is sufficient to remember a golden rule, which applies to practically all serious institutions and companies. We are referring to the fact that entities of the caliber ofThe Revenue Agency never asks for bank details via email. Never. If you receive a message that wants you to believe otherwise, trash it: it is definitely a scam attempt.
The organization officially confirmed this, reiterating that it had no relationship with these communications. Furthermore, in the official note with which it reported the incident, the Revenue Agency provided this advice:
As always, we recommend that you pay the utmost attention if you receive emails of this type, avoiding clicking on the links provided or providing personal information and we invite you to proceed with their elimination immediately. In case of doubts about the veracity of a communication received, our advice is to carry out a preliminary check by consulting the “Focus on phishing” page of the Agency’s institutional portal, or by contacting the contacts always available on the institutional portal www.agenziaentrate.gov.it or directly to the territorially competent office.
