
Massive Phishing Attack Disguised as the State Tax Service: How Scammers Operate and Why This Is a New Challenge for Cybersecurity in Ukraine
In 2025, a massive distribution of fraudulent emails has been recorded in Ukraine, allegedly sent on behalf of the State Tax Service of Ukraine (STS). These emails have become a tool for spreading malicious software, which can pose a serious threat to both individuals and businesses. This was officially announced by Acting Head of the STS Lesia Karnaukh.
In recent days, fake emails with the subject “notification about a financial audit regarding the legalization of funds” concerning a particular organization have been spreading across the country. The emails are disguised as official correspondence from the STS, but they have nothing to do with the tax service. As Lesia Karnaukh emphasized:
“STS has nothing to do with this distribution, so we ask everyone to be careful.”
The main danger lies in the attachments in these emails: opening the files launches malicious software, which gives fraudsters hidden, unauthorized access to the user’s computer. In fact, this opens the way for full control over the victim’s system.
Analysis of mass distributions in 2025 shows that scammers carefully forge the attributes of the emails using the emblem or formatting similar to that of the real STS. However, real tax service addresses always end with “@tax.gov.ua,” while phishing emails come from addresses in no way connected with the state service.
The messages use emotional pressure and formal language to make the recipient want to react immediately: download the attachment or provide data. Opening the attached file is the moment of compromise, when the virus gains control over the device.
Official Response from the STS
The State Tax Service promptly responded to the incident, publishing clarifications and warnings for all taxpayers. The main recommendations are:
- Do not open attachments in suspicious emails.
- Follow personal cyber hygiene rules.
- Be cautious even when receiving emails from familiar senders: attackers can spoof the sender’s address.
- If possible, verify the authenticity of the received email by confirming with the sender.
Lesia Karnaukh emphasized:
“The emails contain malicious software. Opening the attached file leads to the launch of a malicious program that creates technical possibilities for hidden unauthorized access to the user’s personal computer. There is a real danger of infection.”
In 2025, a particularly massive wave of such attacks has been recorded, which is a new challenge for the information security of government agencies and private users. Previously, the STS had already refuted information about mailings in which the tax service allegedly demanded explanations regarding money transfers or invited people to visit local branches. But this year, the scale and technical complexity of the attacks have increased.
Under the guise of a financial audit or legalization of funds, scammers manipulate people’s trust, exploiting the urgency of tax inspections and fear of sanctions. According to the tax service, the emails are sent out en masse, and no official employee of the service is involved in these actions.
What to Do When Receiving Suspicious Emails
In the context of a mass phishing attack, it is important to act quickly and carefully:
- Do not open attachments in suspicious emails, even if they look official.
- Follow the basic rules of cyber hygiene: do not click on suspicious links, do not provide personal or banking information.
- Verify the sender’s authenticity: contact the STS directly through official contacts.
- Remember that the real state service does not send such emails from unknown domains.
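For mail administrators, the two sender checks mentioned above (genuine STS addresses end with “@tax.gov.ua”, and a familiar sender address can still be spoofed) can be automated at the mailbox. The following Python is an added example, not code from the STS or from the original article; the mail server name `mx.example.org`, the keyword list, the verdict labels and all sample messages are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

OFFICIAL_DOMAIN = "tax.gov.ua"       # per the article: real STS addresses end with @tax.gov.ua
TRUSTED_AUTHSERV = "mx.example.org"  # assumption: authserv-id stamped by your own inbound server
CLAIM_HINTS = ("state tax service", "financial audit")  # assumption: wording that signals an STS claim

def dmarc_passed(msg):
    """True only if a header written by our own server reports dmarc=pass."""
    for value in msg.get_all("Authentication-Results", []):
        authserv, _, results = str(value).partition(";")
        # Ignore results stamped by any other host: the sender can add those.
        if authserv.strip().lower() == TRUSTED_AUTHSERV and re.search(r"\bdmarc=pass\b", results.lower()):
            return True
    return False

def triage(raw):
    """Classify one raw message by its From domain and authentication result."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    # Exact match or a true subdomain; "tax.gov.ua.example.net" does not qualify.
    official = domain == OFFICIAL_DOMAIN or domain.endswith("." + OFFICIAL_DOMAIN)
    claims_sts = any(h in f"{display} {msg.get('Subject', '')}".lower() for h in CLAIM_HINTS)
    if not official:
        return "suspicious-domain" if claims_sts else "unrelated"
    if not dmarc_passed(msg):  # From shows tax.gov.ua but nothing proves it
        return "suspicious-unauthenticated"
    return "sender-verified"   # attachments still deserve the caution described above

SUBJ = "Subject: Notification about a financial audit\n\nSee the attached file.\n"
SAMPLES = {  # constructed messages, not real campaign mail
    "lookalike": "From: State Tax Service <audit@tax.gov.ua.example.net>\n" + SUBJ,
    "spoofed": "Authentication-Results: mx.example.org; spf=fail; dmarc=fail\n"
               "From: State Tax Service <info@tax.gov.ua>\n" + SUBJ,
    "forged_result": "Authentication-Results: relay.example.net; dmarc=pass\n"
                     "From: State Tax Service <info@tax.gov.ua>\n" + SUBJ,
    "authenticated": "Authentication-Results: mx.example.org; dmarc=pass header.from=tax.gov.ua\n"
                     "From: State Tax Service <info@tax.gov.ua>\n" + SUBJ,
    "unrelated": "From: Alice <alice@example.com>\nSubject: Lunch\n\nAt noon?\n",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(f"{name:15} {triage(raw)}")
```

A "sender-verified" result only confirms where the message came from; the advice to confirm unexpected attachments with the sender still applies.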
The mass phishing campaign disguised as the STS in 2025 has become a serious challenge for the digital security of Ukrainians. The main task is not to panic, not to open suspicious files, and to immediately inform the relevant authorities about fraud attempts.
In the face of modern cyber threats, the key role belongs to the awareness and attentiveness of every user. Following the recommendations of the tax service is the best protection against the loss of personal data and financial resources.















