
Imposto de Renda Phishing: How to Avoid Tax Scams During Brazil's Filing Season

Protect yourself from fake Receita Federal emails, SMS, and websites during Brazil's Imposto de Renda tax season. Learn to verify legitimate tax communications and safeguard your CPF.

LOCK.PUB
2026-03-16

Every year between March and May, over 40 million Brazilians file their Imposto de Renda (income tax) return through the Receita Federal. This annual ritual creates a perfect storm for scammers: millions of people expecting tax-related communications, the stress of deadlines, and the excitement of potential refunds. Phishing attacks impersonating the Receita Federal spike by over 400% during filing season.

Here is how to recognize these scams and keep your financial data safe.

Common Tax Season Scams

1. Fake Tax Refund Notifications

The most effective lure. You receive an email or SMS claiming your tax refund (restituicao) is available:

  • "Receita Federal: Sua restituicao de R$3.247,89 esta disponivel. Confirme seus dados: [link]"
  • "IRPF 2026: Restituicao aprovada. Clique para consultar: [link]"

The link leads to a fake Receita Federal website that asks for your CPF, bank account details, and Gov.br password. Scammers use this data to access your real tax account, redirect your actual refund, or commit identity theft.

2. "Problem with Your Declaration" Emails

A professional-looking email arrives with the Receita Federal logo, warning that your tax declaration has errors or inconsistencies. It instructs you to download a "correction report" (which is malware) or log in to a fake portal to "fix" the issue.

3. Fake Malha Fina (Tax Audit) Notifications

You receive a message claiming you have been flagged for malha fina — the Receita Federal's audit process. The scam creates panic, pushing you to click a link or call a fake number to "resolve" the issue immediately. Real malha fina notifications only appear in the e-CAC portal, never by email or SMS.

4. Fake IRPF Software

During filing season, scammers create fake versions of the IRPF filing software or offer "free IRPF calculators" that contain malware. Once installed, the malware captures your tax data, banking credentials, and personal information.

5. Fraudulent Tax Preparer Scams

Fake "contadores" (accountants) and tax preparers advertise online at unusually low prices. They collect your complete financial data — income, investments, dependents, bank accounts — and either file a fraudulent return or sell your information.

6. CPF Regularization Scams

Messages claim your CPF is irregular and must be updated before you can file your tax return. The fake regularization page collects your full personal data.

Phishing Techniques by Channel

| Channel | Common Lure | Red Flag |
|---|---|---|
| Email | "Refund approved" with Receita Federal logo | Sender is not @rfb.gov.br |
| SMS | "CPF irregular — regularize now" | Contains shortened URL |
| WhatsApp | "Download your DARF payment slip" | Government does not use WhatsApp |
| Phone call | "This is Receita Federal audit division" | RF does not make outbound calls |
| Social media ads | "Check your refund status instantly" | Links to non-gov.br domain |
| Search results | Fake IRPF download pages | Domain is not gov.br |

How Receita Federal Actually Communicates

Understanding the real communication patterns eliminates most scam risk:

What Receita Federal DOES Do

  • Sends notifications through the e-CAC portal (Centro Virtual de Atendimento ao Contribuinte)
  • Posts announcements on the official website gov.br/receitafederal
  • Sends physical mail for some formal notifications
  • Publishes refund schedules publicly on their website

What Receita Federal NEVER Does

  • Send emails asking you to click links
  • Send SMS with payment links or login requests
  • Contact you via WhatsApp
  • Call you to request personal data or payment
  • Ask for your password or banking credentials
  • Send tax bills or DARFs by email

How to Verify Legitimate Tax Communications

Step 1: Access e-CAC Directly

The e-CAC portal is the only official digital channel for your tax affairs:

  1. Go to cav.receita.fazenda.gov.br (type it directly, do not search)
  2. Log in with your Gov.br credentials or digital certificate
  3. Check for any actual notifications, pending issues, or refund status
  4. If there is nothing in e-CAC, the message you received was fake

Step 2: Check Refund Status Officially

During refund season:

  1. Access the Receita Federal website at gov.br/receitafederal
  2. Navigate to "Consulta Restituicao"
  3. Enter your CPF and date of birth
  4. The system shows your actual refund status and batch

Step 3: Verify IRPF Software

Only download the filing software from the official Receita Federal website:

  • Desktop program: gov.br/receitafederal > IRPF section
  • Mobile app: search for "Meu Imposto de Renda" in the official app stores; the developer must be Receita Federal

Step 4: Verify Your Tax Preparer

If using a professional:

  • Check their CRC (Conselho Regional de Contabilidade) registration
  • Verify through the CRC website for your state
  • Never share your Gov.br password — a legitimate accountant works with your documents, not your government login

Protecting Your Tax Data

Before Filing

  • Update your antivirus software before downloading any tax-related files
  • Use a secure connection: do not file your taxes on public Wi-Fi
  • Back up your declaration on an encrypted drive, not in plain cloud storage
  • Verify all pre-filled data in the IRPF program before submitting

During Filing

  • File through the official program only, never through third-party websites
  • Enable Gov.br two-factor authentication before filing season
  • Save your declaration receipt (recibo) securely — it is needed for amendments and proof of filing

After Filing

  • Monitor your refund status only through official channels
  • Check your e-CAC periodically for any malha fina notifications
  • Store your tax documents securely for at least 5 years (legal requirement)

Sharing Tax Documents Safely

There are many legitimate reasons to share tax documents — with your accountant, employer, bank for a loan application, or spouse. These documents contain your most sensitive financial information: income, investments, CPF, bank account numbers, and dependents' data.

Do not email tax documents or send them via WhatsApp. Use LOCK.PUB to create a password-protected link with an expiration date. Your accountant accesses the documents through the link, and after the expiration, the access disappears — your complete financial profile is not sitting permanently in an email inbox.

What to Do If You Fell for a Tax Scam

  1. Change your Gov.br password immediately and enable two-factor authentication
  2. Check your e-CAC for any unauthorized amendments or filings
  3. Change your banking passwords if you entered them on a fake site
  4. Run a full malware scan on your computer
  5. File a B.O. (police report) online
  6. Report to the Receita Federal through the official website
  7. Monitor your CPF through Registrato (Banco Central) and Serasa for unusual activity
  8. File an amendment if your return was tampered with — use the official program to submit a "retificadora"

Tax Scam Quick Reference

Use this checklist when you receive any tax-related communication:

  • Does it ask you to click a link? → Likely fake
  • Does it create urgency or threaten penalties? → Likely fake
  • Is the sender domain @rfb.gov.br? → Check (can still be spoofed)
  • Can you verify the claim in e-CAC? → Always verify there first
  • Does it ask for passwords or bank details? → Definitely fake
  • Did you receive it via WhatsApp? → Definitely fake
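
The domain checks in this checklist are easy to get wrong by eye: `receita.gov.br.example` and `https://gov.br@login.example/` both contain "gov.br" without being on it. The following is an added example, not code from LOCK.PUB or the Receita Federal; the function names, the shortener set, the keyword list and the sample messages are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

OFFICIAL_SUFFIX = "gov.br"      # article: official sites are under gov.br
OFFICIAL_SENDER = "rfb.gov.br"  # article: expected e-mail sender domain
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co"}  # illustrative, not exhaustive
CREDENTIAL_WORDS = ("senha", "password", "dados bancarios")  # assumed keywords
URL_RE = re.compile(r"https?://[^\s<>]+", re.IGNORECASE)


def is_gov_br(host):
    """True only for gov.br itself or a genuine subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return host == OFFICIAL_SUFFIX or host.endswith("." + OFFICIAL_SUFFIX)


def link_host(url):
    """Host the browser would contact; ignores any 'user@' prefix and port."""
    try:
        return (urlsplit(url).hostname or "").rstrip(".")
    except ValueError:  # malformed authority, treat as untrusted
        return ""


def triage(sender, channel, body):
    """Return the checklist red flags that apply to one message."""
    flags = []
    channel = channel.lower()
    if channel == "whatsapp":
        flags.append("whatsapp")
    if channel == "email" and sender.rsplit("@", 1)[-1].lower() != OFFICIAL_SENDER:
        flags.append("sender-not-rfb")
    for url in URL_RE.findall(body):
        host = link_host(url)
        if host in SHORTENERS:
            flags.append("short-url")
        elif not is_gov_br(host):
            flags.append("link-not-gov.br")
        else:
            flags.append("has-link")  # even a gov.br link: verify in e-CAC instead
    if any(word in body.lower() for word in CREDENTIAL_WORDS):
        flags.append("asks-credentials")
    return flags


# Constructed sample messages (not real captures).
SAMPLES = [
    ("noreply@rfb.gov.br.example", "email", "Restituicao aprovada: http://receita.gov.br.example/consulta"),
    ("", "sms", "IRPF: https://gov.br@login.example/irpf confirme sua senha"),
    ("aviso@rfb.gov.br", "email", "Consulte https://www.gov.br/receitafederal"),
]
if __name__ == "__main__":
    for sender, channel, body in SAMPLES:
        print(channel, triage(sender, channel, body))
```

An empty result does not make a message genuine, since a sender address can be spoofed; the claim still has to be confirmed in e-CAC.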

Conclusion

Tax season phishing in Brazil is predictable — scammers use the same techniques every year, adapting the details but keeping the core approach. The Receita Federal communicates only through e-CAC and its official website. Any message asking you to click a link, share credentials, or make an immediate payment is fraudulent.

Keep your tax documents secure. Visit LOCK.PUB to share financial documents through free password-protected, encrypted links that auto-expire after use.
