According to the Public Prosecutor's Office (MP), they “intend to convince victims to provide them with all their bank card details, with the argument that they intend to reimburse them for overpayment of taxes (supposedly VAT)".
"As usual in cases of 'phishing', the process begins with the indiscriminate and random sending of fraudulent email messages to a large number of recipients," the PGR's Cybercrime Office said in a statement, noting that there had been previous identical campaigns in 2020, 2021 and also in 2022.
This time, the note states, specific messages from this campaign were flagged up by the Cybercrime Office, with more intensity from Wednesday afternoon, with the title "Warning: VAT Refund" and addressed to "Dear Taxpayer".
The fraudulent messages include phrases such as "Based on the latest tax calculation, we have determined that you are eligible for a tax refund", "Click below to complete the refund process through the online Finance Portal", very prominently indicating a button with the caption "ASK FOR REFUND HERE".
The messages are signed with the expression "©2022 Autoridade Tributária" and include a logo normally used by that public entity.
"These are fraudulent messages, which do not come from the AT: they were not sent by the AT or from computer systems belonging to this public entity", warns the Public Prosecutor's Office, explaining that these false messages came from addresses on various servers, or from email accounts illegitimately accessed by criminals and used for this specific purpose.