How to recognise scam e-mails and text messages
- We never ask people for their personal data, bank card details, bank account passwords or PINs by e-mail, text message or phone.
- We never charge a fee for a tax refund.
- We do not use QR codes or, as a general rule, any links in our correspondence.
- We do not add attachments to our e-mails.
- Our texts are in grammatically correct Estonian language.
- We always use the official name – Maksu- ja Tolliamet (Estonian Tax and Customs Board).
Information on the characteristics of phishing can be found on the Estonian Information System Authority's website itvaatlik.ee.
E-mail addresses from which the Tax and Customs Board sends notifications
The Tax and Customs Board also sends notifications via the national mailbox
The e-mail address of the Tax and Customs Board in the national mailbox is [email protected]. If messages from your national mailbox are forwarded to your personal e-mail address, you can confirm that the notification was sent by the Tax and Customs Board if the sender’s address is [email protected].
You can see all notifications sent to your national mailbox by logging in to the State Portal eesti.ee or the Eesti app.
How to recognise scam calls
Currently, there are also scam calls where people are asked to authenticate themselves in order to, for example, get a refund of incorrectly calculated tax, receive a letter from the Estonian Tax and Customs Board or correct their income tax return.
We recommend that you hang up the phone immediately. Never share your personal data on the phone!
What characterises scam calls
- Urgent action is demanded – the caller demands speedy decision-making or action, e.g. payment.
- Personal data – the caller asks for your personal data, bank card details, bank account passwords or PINs. We never ask for such information by phone or e-mail.
- Suspicious number – the call comes from an unknown, often foreign number, which may have an unfamiliar country code or an unusual format.
- Intimidation or manipulation – scammers threaten with payment problems, possible penalties or other dangers in order to get a person to act.
- Unable to speak the official language – the caller speaks Russian and is not willing to switch to Estonian.
- Be careful and hang up! If necessary, call our official customer support information line to verify the situation.
What to do if you are not sure whether an e-mail or message has been sent by the Estonian Tax and Customs Board
- Do not open links or QR codes in the e-mail or message.
- If you have opened the e-mail or link in it, do not enter your personal data, bank account details, passwords or PIN codes.
- The safest way to enter the e-services environment of the Estonian Tax and Customs Board is via the link on our website.
- If you are in doubt whether a notification received in the name of the Estonian Tax and Customs Board (ETCB) is legitimate or not, please inform our customer support at [email protected] and write down the e-mail address or phone number from which the notification was sent.
- If you have received a phishing e-mail, forward the phishing site, e-mail or message to the Estonian Information System Authority (RIA) at [email protected]. RIA specialists take the necessary steps to ensure that the phishing site linked to the e-mail is deleted from the web and no one else falls victim to it.Suspicious phishing e-mails and attachments received with them, malware samples, etc. can be sent to the RIA for analysis in their file transfer environment.
What to do if your personal data falls in the hands of strangers
If criminals have gained access to your passwords, PIN codes or bank card information, your device has been infected with malware or your social media account has been taken over, you need to act quickly and systematically.
- In case of suspicion of fraud related to the codes of an identification tool, immediately change your mobile-ID PIN codes, delete your Smart-ID account, suspend your ID-card certificates.
- If you have entered your bank card details on a phishing page, then block the card immediately in the bank's official application, self-service or contact the bank by calling the official customer support number to close the card.
- Report the incident to the Cybercrime Bureau of the Police and Border Guard Board.
- Contact the Estonian Information System Authority (RIA) for advice on how to proceed. RIA experts also help to submit a report to the police if necessary.
- If you have entered your bank card details on a phishing web site, immediately contact your bank using the customer support number on the bank's official website to close the card.
- More information is available on Police and Border Guard Board's page “How to protect yourself against scammers” (in Estonian).
Last updated: 11.03.2026
