Filing your taxes? Watch out for scammers

The tax filing season brings not only administrative obligations each year, but also increased activity from cybercriminals. They take advantage of the situation by impersonating tax authorities or other trusted institutions. At first glance, their messages appear credible and often mimic official communication. In reality, they lead to fraudulent websites designed to gain access to bank identity credentials and other sensitive data.

Summary: Be careful where you enter your data when filing taxes

• Scammers exploit the tax season for targeted attacks
• They impersonate tax authorities sending phishing emails and SMS messages
• Links lead to fraudulent websites imitating official portals
• The goal is to obtain login credentials, especially for bank identity

Tax season attracts scammers

Cybercriminals know exactly when to strike. They take advantage of the period when people are dealing with their taxes and send messages that at first glance appear as trustworthy communication. These messages often include official-looking logos and formal language, creating a sense that it is necessary to act immediately. Most commonly, they involve emails and SMS messages about tax refunds or errors in their tax return.

The message typically contains a link that may not raise suspicion, especially if the recipient is stressed or in a hurry. After clicking it, the user is redirected to a website that closely imitates an official portal. The difference, however, is critical. The entered data does not go to the authorities but to attackers, who can then use it to access services, access your bank identity, or carry out further fraud.

These attacks rely heavily on quick reactions. They exploit stress, time pressure, fear of financial loss, and trust in authority, causing people to act before they have time to verify the information.

Similar cases have also been reported by the Czech Financial Administration, which has recorded repeated waves of phishing emails impersonating their communication. They warns that it never requests payments or sensitive data via email or SMS and that official communication always takes place through other channels. It also emphasizes that its official email addresses always end with the domain @fs.gov.cz.

How to protect yourself from scams

• Do not respond to suspicious emails or SMS messages, do not click on links, and do not open attachments.
• Always access official portals directly, not via links in messages.
• Check the sender, official Financial Administration emails use the domain @fs.gov.cz.
• If unsure, verify the message directly with the authority using official contact channels.

These scams recur every year and continue to evolve in sophistication.

What if you have already entered your data?

• Contact your bank immediately and secure your account
• Change all passwords that may have been compromised
• Keep messages or emails as evidence

Final Safety Recommendations

1. Our app Redamp.io includes a Safe Surfing  feature that effectively handles protection against the latest threats such as phishing or malware.

2. Stay informed! Read our blog  and follow notifications in the app about the latest threats we are monitoring for you.

3. Be cautious! Pay special attention to:

   • phishing  (fraudulent emails),
   • smishing  (fraudulent SMS messages),
   • vishing  (fraudulent phone calls),
   • quishing  (fraudulent QR codes),
   • and ransomware  (ransomware software).

Sources:

Finanční správa 2024 

Finanční správa 2025 

Moje daně