Taxpayers have begun receiving emails that appear to be official notifications from the State Tax Service. Subject line usually states “Request for documents and explanations within the tax control framework” to entice the recipient to open the email or attachment.
In fact, these emails are fraudulent. Such emails may contain malicious attachments or dangerous links, opening which can infect personal computer and give attackers remote access to device.
Third-party email addresses are used for mailing, in particular reply@starsgram.shop, which have no relation to the State Tax Service.
Please note that all official email addresses of the State Tax Service have the domain @tax.gov.ua, and official email of the State Tax Service is post@tax.gov.ua. If the letter came from a different address, this is a good reason to consider it a fake.
Attachments in .pdf, .zip, .rar formats, as well as files with .exe and .scr extensions, are particularly dangerous. They are the most common way malware spreads, providing unauthorized parties with hidden access to the user's computer.
To protect, the payer should follow simple rules of cyber hygiene:
- do not open suspicious attachments or click on dubious links;
- carefully check the sender's email address;
- do not trust even familiar contacts without additional confirmation.