Lisbon, July 17, 2025 (Lusa) - The Tax and Customs Authority (AT) is warning people that new fraudulent emails purporting to come from the tax authorities are circulating, one of which includes a link to a page that simulates authentication on the Finance Portal.
In a note the AT published on its website on Wednesday, similar to others it issues from time to time, the tax authority says it is “aware that some taxpayers are receiving messages purportedly from the AT asking them to click on links provided”.
The AT said, “The messages are fake and you should ignore them,” and explained that these phishing attempts aim to convince email recipients to access “malicious pages by clicking on the suggested links” or to make “undue payments”.
In this warning, the AT presents images of some of the fraudulent emails and fake pages created to resemble the AT’s platforms.
One of them simulates the authentication service on the AT’s website through the Digital Mobile Key, the login method that requires the mobile phone number and personal code associated with this official government feature.
The AT’s warning comes days after the tax authorities introduced a second authentication factor on the Finance Portal, by associating a mobile phone number, allowing the AT to send a verification code that must be used in conjunction with the NIF and password to access the website.
In addition to the messages about authentication on the portal, other fraudulent messages similar to those that appear regularly are circulating.
In one case, the recipient receives a payment reference to settle an amount that they supposedly have to pay to the AT (in one of the cases presented by the AT, the person would have to pay €291). This fake message states that “a pending payment has been detected” for a tax relating to the last tax year and asks the alleged taxpayer to settle the amount within two days.
In another message, the recipient learns that they must update the information on their income tax return submitted at the beginning of July (it should be noted that the legal deadline for submitting returns was 30 June).
In another email message, the attackers discuss an alleged legal proceeding and, to encourage the recipient to click on a link, state that the full content of the alleged notification is attached and that a password is required to access it.
Scammers are also sending mobile phone messages to deceive citizens. One message claims that the recipient “has an outstanding debt” and that, to avoid “seizure proceedings”, they must settle the situation via the link provided.
In another case that came to Lusa’s attention, the sender pretends to act on behalf of the fraudulent ‘National Office of Proceedings’ of the AT and sends the message from an email address that ends with ‘@santorini.com.co’.
In the same warning published on its website, the AT recommends that citizens read the “information leaflet on Information Security” available on the Finance Portal. However, the warning page does not provide a link to the document.
You can find it on the AT website in two ways: by typing the phrase “information leaflet on Information Security” in the search bar and then selecting the first result in the “information” section; or by clicking on the “Taxpayer Support” line in the sidebar of the website, followed by the links “Useful information”, “Information leaflets” and, finally, “Information Security”.
In this leaflet, the AT recommends that citizens always confirm information, reply only to trusted messages, avoid clicking on links or downloading and opening files, and protect “their credentials for access to the Finance Portal”. In addition, it suggests that citizens delete messages “of unknown origin or dubious content”.
PCT/ADB // ADB.
Lusa