Warning: Fake “Finanças” Email Phishing Scam

INLIS Consulting
Jul 17
2 min read

Portuguese taxpayers are being targeted by a new wave of phishing emails impersonating the Portuguese Tax and Customs Authority (Autoridade Tributária e Aduaneira, AT).

Don’t Take the Bait: Stay Alert Against Fake Finanças Emails.

What’s going on?

Portuguese taxpayers are being targeted by a new wave of phishing emails impersonating the Portuguese Tax and Customs Authority (Autoridade Tributária e Aduaneira, AT). These fraudulent emails include a fake authentication link designed to trick you into entering your credentials, then steal them. Diário de Notícias

What the Fake Emails Look Like

Sender and Subject
- Appear as official AT emails.
- Subjects may mention payment pending, IRS updates, or legal notifications.
Visual Trickery
- Include actual logos and design styles mimicking the Finanças portal.
- Show attachments named like Portaldas Financas.pdf or Financas.pdf
The Bait: Fake Login Page
- The email invites you to click a link leading to a page that looks like the AT authentication screen.
- It specifically imitates the “Chave Móvel Digital” (CMD) login form, asking for your mobile number and personal authentication code.

How It Works

Step 1: You receive a convincing email claiming a tax issue, an incomplete IRS, or a pending action.
Step 2: You click the link or open the attachment.
Step 3: You're taken to a fake login portal, styled like the real Portal das Finanças.
Step 4: You enter your mobile number and the CMD code.
Consequence: Your credentials are captured by fraudsters, allowing unauthorized access and misuse.

Why It’s Dangerous

The scam mimics the official site’s added security measures, like the recent introduction of SMS codes post-password.
Once accessed, attackers can request payments or steal sensitive personal and financial data.

Tips to Spot and Avoid This Scam

Warning Sign	What to Look For
Unexpected emails	From “Finanças” asking for urgent action
Official lookalikes	Logos, layout, attachments
CMD login prompts	Mobile number and code—that's a red flag
Urgency tactics	“Pay within 2 days” or “Legal process” messages
Suspicious links	Hover to inspect; real links will point to financas.gov.pt or autenticacao.gov.pt

How to Protect Yourself

Ignore suspicious emails unless you requested something directly from the AT.
Never click unknown links or open attachments in unexpected emails.
Type URLs manually (e.g., financas.gov.pt) in your browser to log in.
Confirm security protocols:
- Check for https:// and the lock icon in the address bar.
- The domain should be exactly *.gov.pt.
Use official resources:
- The AT provides a “Security Information” brochure on its website with prevention tips Government of Portugal
Report fraud:
- Inform AT via their official channels or report phishing attempts.

Bottom Line

Portuguese taxpayers need to stay vigilant. These phishing campaigns are increasingly sophisticated, copying the official Portal das Finanças and using real security measures (like CMD login) as bait. Always double-check the sender, URL, and avoid interacting with unsolicited emails. When in doubt, visit the official site directly.