Cybercriminals are exploiting Poland’s tax filing season with sophisticated phishing scams targeting taxpayers’ personal and financial data.
How Cybercriminals Operate During Tax Season
Tax fraud schemes often rely on known phishing methods, but during the tax filing period, they become much more convincing. Cybercriminals use logos of public institutions, imitate official government language, and even manipulate phone numbers (so-called spoofing), causing a trusted government office name to appear on the phone screen.
Thanks to AI, language barriers or spelling errors that once exposed scammers have almost disappeared. Today’s phishing messages are written in impeccable Polish, and their tone perfectly imitates an official government style, which may lull even experienced internet users into complacency.
The result? Fake emails or SMS messages are increasingly difficult to distinguish from authentic messages from the National Revenue Administration.
Warning Signs: How to Identify Fake Tax Office Communications
Tax fraud related to PIT mainly relies on evoking strong emotions – fear of sanctions or excitement over supposed overpayment. If you receive a suspicious message, pay attention to the following warning signs:
The tax administration does not send links to tax forms in SMS messages or ask you to log in to the e-Tax Office through a link in an email. Messages suggesting immediate inspection or high penalties if you don’t react “within a few hours” should raise suspicion.
Official information about irregularities is sent by traditional mail or through a verified mailbox in the e-Tax Office/mObywatel system. A request to pay a small amount (e.g. a few missing zlotys) through an unknown platform or in cryptocurrency almost always means an attempt to steal bank data.
The Ministry of Finance does not require sending passwords for electronic banking or credit card numbers to process a tax refund.
Types of Cyberattacks Targeting Taxpayers
Tax return fraud takes various forms. Criminals use emails, SMS messages, messengers, and phone calls. Impersonating the Ministry of Finance or KAS is one of the most common methods. Messages contain information about overpayment, the need to update data, or urgent payment.
Some phishing campaigns involve sending documents allegedly confirming the filing of a declaration (e.g. UPO) or containing a PIT correction. Opening a file may result in malware installation and loss of control over the device.
In phone-based scams, the criminal calls, posing as an official or tax advisor, and tries to obtain personal data under the pretext of explaining errors in the declaration. Regardless of the method chosen, the scammers’ goal remains similar: to persuade us to provide electronic banking login credentials or credit card numbers, or to hand over full personal data.
Beware of “Guaranteed High Refunds” and Fake Advisors
Social media increasingly features offers promising record tax refunds thanks to “unknown methods” or “secret deductions”. In practice, such advertisements can lead to the extortion of money for fictional services or the takeover of personal data.
Particular caution should be exercised towards unknown intermediaries suggesting entering their bank account number in the tax return. Providing complete financial data to a person found on the internet carries the risk of significant losses and identity theft.
Safely Transferring 1.5% of Your Tax
The tax period is also when taxpayers decide who to transfer 1.5% of their tax to. Unfortunately, this mechanism is often exploited by cybercriminals. They create fake tax return sites or applications containing a counterfeit KRS number controlled by scammers.
Ten Commandments of Safe Online Tax Filing
If you receive a suspicious message about a tax refund, remember that cybercriminals rely on evoking emotions, so the best defense is a calm assessment of the situation and verifying every message at the source.
Let’s remember that state institutions do not ask for login credentials or credit card numbers in email or SMS messages. Online PIT filing can be quick and convenient – provided that caution is exercised.
During the tax season, it’s worth following a principle of limited trust and treating every message about a tax refund with due reservation. The security of financial data depends primarily on our alertness.



