Vulnerability at the SAT site would put 61.5 million Mexicans at risk

The place web of the Tax Administration Service (SAT) registers “a vulnerability” digital that could put at risk tax data, banking y personal of up to 61.5 million Mexicans.

As revealed Advertising meter in the note SAT site hacked days before millions file their annual return, a group hacker ‘Mexican Mafia’known as ‘Lord Peña’showed that the portal is not entirely secure.

The hacker warned that the SAT portal presents “a vulnerability” that would allow launching campaigns of phishing advanced, to deceive and make taxpayers share all their data.

“I found a ‘reflected XSS’ vulnerability that allows me to execute JavaScript code on the client side without directly affecting the SAT server.”

— ‘Lord Pena’

The latter, just one day before the official period begins so that the Physical persons submit their annual tax return during the month of April; which represents a risk latent for the theft of information, using the tax authority as a decoy.

People at risk due to SAT vulnerability

He SAT Tax and Management Reportcorresponding to the fourth quarter of 2023, reported that there are 11 million 542 thousand 31 individuals, who must present their Annual statement of taxes no later than April 30, in accordance with current legislation.

This group of taxpayers – made up of workers independent, professionals, entrepreneurs and small business owners – would be the direct target of the phishing and attacks of fraud that arise from the “vulnerability” of the SAT site.

However, the number of people at risk of being deceived by hackers could multiply and grow by several million, if the salaried –workers who receive a salary– who voluntarily submit their annual declaration each year, seeking to obtain a devotion of taxes.

The SAT report indicated that in the country there are 50 million 24 thousand 797 salaried, who must submit their annual tax return, if they obtained income of more than 400 thousand pesos during 2023; without counting those who do them voluntarily.

Likewise, those who had more than two employers, ended their employment relationship before December, obtained income through a business or received property rental fees are obligated.

Just as the people who perceived income by liquidation, Labor indemnification, pension o retirement or, those who have received an inheritance or prize such as the Lottery.

All of them could be at risk of falling into the traps of hackers, if phishing campaigns are carried out, that arise from the digital “vulnerability” located on the website of the SAT.