A message reaches the inbox of your email. The sender is the Federalinforming about a fiscal irregularity with the Income tax last year. By clicking on the indicated link to check the occurrence, the page asks for the login on gov.br, showing the seriousness of the subject. With your personal data, a debt is presented and, to avoid the CPF Blocka pix key for payment is generated. The relief of getting rid of the pending with the tax authorities is instantaneous, but what you don’t know is that you were the victim of a stroke.
A survey by Redbelt Security, a consultancy specializing in cybersecurity, shows that more than 1,400 pages simulating to be from the IRS are on the air. To get an idea, only in the first week of the IR declaration period, between March 17 and 24, 234 fraudulent pages were created – an average of 33 per day.
To the Infomoneythe consultancy CEO, Eduardo Lopes, explains that two factors reinforce the chances of the taxpayer being induced to error: the fact that the criminals often have access to previous data and the improvement of some technological tools.
About the first point, Lopes recalls that data leaks of Brazilians became frequent and also inputs for virtual blows. “Much is said that the purchase is made at Dark and Deep Web, which sounds as something darker, when, in fact, it is possible to find pendrives with this information on Rua 25 de Março,” he says.
Regarding technology, its advances range from reproducing the appearance of official pages to the ability to ensure “good” user (or UX, in the jargon of those who operate digital platforms). In these cases, yes, the expert highlights the use of Dark Web for the purchase of templates of ready and responsive websites.
“The structure is similar to that of an e-commerce, generating payment in a few clicks. As it is usually Pix, there may be a period of expiration of a few minutes.”
It is another trigger, reinforcing the need for the victim to perform the action without thinking too much. In addition, the amount, which can range from $ 100 to $ 200, tends to be affordable for those who declare the IR. “Who wouldn’t be relieved to quickly get rid of a problem with the recipe?” Asks Lopes.
Continues after advertising
Growth of virtual estelionate
The use of digital means to induce another person to error, aiming to obtain illicit advantage, qualifies the crime of electronic fraud, provided for in article 171 of Penal code. The so-called “virtual estelionate” happens through social networks, telephone contacts or email sending, and can lead to imprisonment for four to eight years.
“The creation of false pages is passing through the IRS, in order to charge improper amounts, it fits perfectly in the predicted crime,” says Alexander Coelho, a partner of Godke Advogados and a specialist in Digital Law and Data Protection.
He stresses that the inclusion of this type of crime in Brazilian law is recent, aiming to evolve to follow the advance of virtual blows. “In 2021, Congress approved a change in the Penal Code, precisely to harden the fight against these criminals.”
Continues after advertising
Data from the Public Security Forum show that the occurrences recorded per year due to this type of action jumped from 7,591 to 235,393 cases between 2018 and 2023, a significant growth of 3,101%. However, traditional research mechanisms cannot follow at the same speed.
Coelho points out that one of the main barriers is the ease of scammers to stay in anonymity. Many of them use foreign servers, false data or encrypted networks to hide. In addition, bureaucracy and slow data from platforms make it difficult for more agile investigations.
“The guidance is to register the police report immediately, preserving all tests (prints, emails and messages),” says the expert. It should also be informing the bank or financial institution involved and, if possible, seek legal aid.
Continues after advertising
Those who fell into the false income tax debt coup can (and should) register a more detailed complaint. “If the coup makes reference to the name of the IRS, register the complaint on the website of the municipality, and notify the Ombudsman of the Ministry of Finance.”
Blows involving income tax should grow even more
Redbelt Security projections are that at least 2,500 to 3,000 fraudulent pages will be on the air over the next 30 days pretending to be the IRS. This, however, is still the first phase of the scams with income tax – in this case, involving the period of the statement. Then another window opens to the scammers: the refund step.
“The dynamic is the same: the person gets a message, warning of the pending, and directs to a page that will generate the payment,” says Eduardo Lopes, CEO of the consultancy. In addition to trying to replicate the appearance of official websites, email addresses are also similar, using “GOV” to reinforce a supposed public authority.
Continues after advertising
Here are some examples raised by Redbelt Security (attention, do not click on these addresses):
- RevenueFederal-gov.org/
- RevenueFderalgov.online/
- RevenueFderalBrasil.Site/
- RevenueFderal-brasil.org/
On its website, the tax authorities states that it does not send email communications or text messages pointing divergences in income tax statements through links. “The IRS makes all the official communication through the portal gov.br or e-CAC (Virtual Call Center) ”, says the statement.
Questioned by Infomoney If it has promoted actions to deal with this type of occurrence, the municipality has not positioned itself. For Alexander Coelho, a digital law expert, a direct report of complaint and quick response, involving revenue, federal police and consumer protection agencies, to reduce damage and track scammers.
“When the name of the public administration itself is used as bait, the minimum expected is a proactive stance to protect the citizen.”
Attention to the IR declaration in 2025
Until May 30, those who had taxable income over R $ 33,888.00 last year should make the income tax return in 2025. Check here the mandatory rules. 46.2 million statements are expected, 9% above the 2024 record, when 42.4 million were accounted for.
As shown in this other report by Infomoney, there are also scammers who act emulating the Declaration Generating Program (PGD), either to capture data or to install malicious applications.
To download the PGD, people can access the IRS website and click on the option “Download Program”. On the mobile, the program can also be downloaded at the official stores of Android and iOS applications. In addition, it is possible to do it straight through the official IRS page, ABA“My Income Tax”.