Fake Tax Agency Emails Target Ukrainian Citizens in New Phishing Wave

Fraudulent Messages Disguised as Official Tax Authority Correspondence

According to ХВИЛЯ: A large-scale phishing campaign is currently targeting Ukrainian taxpayers with fake emails that appear to come from the State Tax Service. These messages, carrying subject lines like 'discrepancies in reports,' demand that recipients review an 'inspection report' and submit explanations. Attackers threaten administrative asset seizure if the target fails to comply or respond.

The fraudulent emails are sent from third-party addresses or ones spoofing the official @tax.gov.ua domain. The most dangerous elements are attached files in .zip, .rar, and .pdf formats containing embedded scripts, as well as .exe and .scr files. Opening such attachments can give cybercriminals full remote access to a user's device without any visible signs of intrusion.

Cybersecurity Best Practices to Follow

The State Tax Service has confirmed it has no connection to these emails and urges taxpayers to follow basic cybersecurity hygiene. Key recommendations include:

• Do not open suspicious attachments or links;
• Verify the sender's email address;
• Do not trust familiar contacts without confirmation;
• Use antivirus software.

This information was reported by the Ministry of Finance and the 'Khvylia' news outlet.

The widespread nature of these fake emails highlights the growing cybersecurity challenges in Ukraine. As the country continues to digitize services and shift toward electronic platforms, taxpayers must stay informed about potential threats and adhere to expert recommendations. Protecting personal data and financial information has become a top priority in the face of modern cyber risks.

In light of recent cybersecurity threats, it's essential for citizens to remain vigilant against various forms of cyberattacks. For instance, a similar incident was reported involving a mass email virus campaign linked to Russian sources, which further underscores the urgent need for robust online security measures. To learn more about this alarming trend, read our coverage on the email virus campaign that has raised concerns among Ukrainian users.