The Tax and Customs Authority (AT) issued a security alert at the beginning of February 2026 aimed at all Portuguese taxpayers. According to the AT website, fraudulent email messages and SMS are circulating that simulate official communications from the tax institution, in a new campaign of digital fraud that aims to collect sensitive data.
These messages reproduce official logos and use formal language that accurately imitates that of legitimate communications, warned AT, a tax specialist and reference portal for taxpayers.
The links included redirect to pages that replicate the Finance Portal, where you are asked to fill out forms with personal, tax or banking data. This method, known as phishing, allows fraudsters to access bank accounts, make fraudulent purchases or commit identity crimes.
The period chosen by criminals is not random. February concentrates several tax obligations, including the payment of the Single Circulation Tax for many drivers, making taxpayers more likely to react quickly to urgent communications, according to the same source.
Simple rules for recognizing official communications
The Tax Authority clarifies that there are clear rules that are never violated in official communications. All emails end in the domain @at.gov.pt, so messages coming from other addresses should be immediately considered suspicious. The institution never requests the introduction, update or confirmation of personal data via email or SMS.
All procedures related to tax information must be carried out exclusively through direct access to the Finance Portal, using each taxpayer’s own credentials.
Additionally, AT never sends payment links. Taxes and fees can only be paid through the official platform or at authorized entities, the portal reinforced. Keeping contacts updated on the platform allows taxpayers to more easily distinguish between true and false messages, according to the same source.
Protective measures to avoid financial losses
To protect themselves, taxpayers must always confirm the origin of messages and access the Finance Portal independently, by typing the address in the browser or through the official application.
It is essential to check that the address starts with https:// and corresponds exactly to the official domain, as fake websites may have small changes that are difficult to detect at first glance.
If a taxpayer has already clicked on a suspicious link and provided personal or banking information, they should act immediately. Contacting the bank to block cards and change access credentials, as well as updating passwords for the Finance Portal and other relevant accounts, is crucial.
The report must be submitted to the police or the Attorney General’s Office, including screenshots of the messages received.
This information helps authorities track fraudsters and prevent future victims, concluded the Tax Authority’s reference portal.
Pay extra attention during critical fiscal periods
Phishing campaigns intensify whenever deadlines for complying with tax obligations approach. Scammers know that taxpayers are more anxious and likely to act quickly when they receive messages that appear urgent.
According to , being suspicious of unsolicited communications that ask for personal data, even if they appear official, remains the golden rule to avoid losses.
Also read:
