Skatteetaten Warns: We Cannot Stop Scammers Impersonating Us

by Chief Editor

Norwegian tax authorities, Skatteetaten, have issued a formal warning regarding a surge in “spoofing” attacks where malicious actors use the agency’s name to distribute fraudulent emails. These messages, which often promote fake product sales or demand account updates, are not originating from the agency’s internal systems, according to Hallvard Lavoll, acting deputy director at Skatteetaten.

How does email spoofing targeting tax authorities work?

Spoofing occurs when cybercriminals manipulate the “sender” field in an email header to make a message appear as though it comes from a legitimate organization. According to Hallvard Lavoll, this is comparable to writing a false return address on a physical envelope. Because these emails never pass through the agency’s secure infrastructure, Skatteetaten has no technical ability to block the messages at the source.

Lavoll told Nettavisen that Skatteetaten has not been hacked and that the agency is not the one attempting to trick people or sell white goods in the summer heat.

What are the common themes in these phishing scams?

Fraudsters are currently employing a variety of lures to entice recipients into clicking malicious links. Recent campaigns identified by the agency include:

What are the common themes in these phishing scams?
  • Product Discounts: Fake offers for portable cooling boxes, often using the names of legitimate companies like Gjensidige to build trust.
  • Cloud Storage Alerts: Notifications under the name “CloudDrive” claiming that a user’s storage capacity is full.
  • Service Notifications: Claims that a Netflix subscription has expired or that a package delivery from UPS is pending.
  • Account Security: Requests for users to perform an “upgrade” to their Apple iCloud account.
Did you know?

How can you protect your personal information?

Skatteetaten advises that any email appearing to be from the tax office that requests sensitive information should be deleted immediately. The agency maintains strict communication protocols to help citizens identify legitimate correspondence.

According to Lavoll, the agency never sends out advertisements. Furthermore, Skatteetaten will never include links in emails that direct users to input personal credentials, such as national identity numbers, credit card details, or passwords. While the agency works to identify and remove these fraudulent websites from the internet, new campaigns frequently emerge to replace them.

Frequently Asked Questions

Does Skatteetaten ever ask for passwords via email?

No. The agency explicitly states that they never send emails containing links that require you to provide passwords, credit card information, or your national identity number.

Frequently Asked Questions

What should I do if I receive a suspicious email from the tax office?

Skatteetaten recommends that you delete the email immediately without clicking any links or providing any information.

Has Skatteetaten been hacked?

No. According to Hallvard Lavoll, the agency’s systems remain secure. The issue is “spoofing,” where attackers falsify the sender address to make the email look like it originated from the tax authorities.


Have you encountered a suspicious email claiming to be from a government agency? Share your experience in the comments below or subscribe to our newsletter for the latest updates on digital security and fraud prevention.

You may also like

Leave a Comment