Phishing in business: How to protect your invoicing

Avoid cyber scams in your business. Learn how to identify phishing attacks and protect your Moloni ON account and tax data.
Phishing in business: How to protect your invoicing
Moloni

Moloni

The best tips for your business.

Content designed to support entrepreneurs and businesses in managing, generating revenue and growing their business.

Publicado em 25 junho 2026
0 min leitura

Phishing is one of the biggest digital security threats facing businesses in Portugal. This type of cyberattack relies on psychological manipulation to steal confidential information, such as banking credentials or Portuguese Tax Authority (AT) access keys. For business owners, the risk is doubled: besides direct financial losses, the integrity of your invoicing software and your customers' data are also at risk. Adopting a proactive approach and using secure cloud-based tools, such as Moloni ON, is essential to mitigate these risks.


Key takeaways

  • Social engineering: Phishing does not attack the operating system; it attacks the user. It relies on fake emails, SMS messages or phone calls impersonating trusted entities (such as the Portuguese Tax Authority, banks or Moloni ON itself) to trick you into clicking malicious links.
  • Invoicing at risk: A successful attack can expose your SAF-T (PT) file, your customers' invoicing data and even allow criminals to issue fraudulent documents in your name.
  • Warning signs: Spelling mistakes, an extreme sense of urgency ("Your account will be suspended today!"), suspicious email addresses and requests for information that no official entity would ever ask for by message.
  • Active protection: Enabling two-factor authentication (2FA), being suspicious of unsolicited attachments and ensuring your team knows how to identify suspicious communications are the foundations of your security.
  • A secure partner: Using certified, cloud-based and regularly updated invoicing software, such as Moloni ON, ensures that your data is encrypted and hosted on servers with high security standards.

What is phishing and how does it affect businesses in Portugal?

Phishing is a type of cyber fraud in which attackers impersonate well-known brands, banks or public organisations to steal confidential information. The term comes from fishing, because the goal is literally to cast a digital "bait" and wait for someone to take it.

In the Portuguese business environment, the tax ecosystem is one of cybercriminals' favourite targets. It is very common to receive fake emails that perfectly imitate the visual identity of the Portuguese Tax Authority Portal or technology providers. The main targets are usually business owners and accounting departments, taking advantage of the pressure of meeting tax deadlines to encourage mistakes.


How can you identify a phishing email pretending to be from the Portuguese Tax Authority or Moloni ON?

Phishing attacks are becoming increasingly sophisticated, but there are always clues that reveal the scam if you look carefully. The golden rule is to check the sender. Often, the displayed name is "Portuguese Tax Authority", but when you inspect the email details, the real address is something like support@at-portugal-financeiro.com instead of the official .gov.pt domain.

Pay close attention to the tone of the message. Phishing thrives on urgency and fear. Phrases such as "You have an outstanding VAT debt. Pay within the next two hours or legal proceedings will begin" are designed to make you act impulsively, without thinking. Also look out for grammar mistakes or terminology that does not match European Portuguese. Official communications in Portugal follow strict language standards.

Moloni ON, for example, will never ask you to provide your login credentials or invoicing data through a link sent by email or SMS. Any changes to your account or access to your information should always be made directly through the secure login screen.


What are the consequences of a phishing attack on your invoicing?

If an attacker gains access to your credentials, the impact on your business can be devastating. At the top of the list is unauthorised access to invoicing records and customer history, which directly breaches GDPR requirements and may result in substantial fines.

In addition, cybercriminals may download your SAF-T (PT) file to obtain a complete overview of your turnover, profit margins and banking information. In more serious situations, they may use your software to issue fake invoices or fraudulent credit notes, changing payment details so that your customers transfer money to the scammers' accounts. Correcting this situation with the Portuguese Tax Authority and the affected customers can require lengthy and expensive audits.


How can you protect your Moloni ON account and your business's digital ecosystem?

Security starts with your daily habits and the configuration of your working tools. Implementing technical safeguards and fostering a healthy culture of caution within your team significantly reduces the chances of a successful attack.

The table below summarises the main differences between a legitimate communication from your business ecosystem and a phishing attempt:


FeatureLegitimate Communication (Portuguese Tax Authority / Moloni ON)Phishing Attempt
Email DomainAlways ends with @moloni.pt or @at.gov.ptGeneric domains (Gmail, Outlook) or fake domain variations
Included LinksAlways direct to the official website using the HTTPS protocolShortened, suspicious or misspelled links
Requests for InformationNever ask for passwords or PINs via email or SMSAsk you to confirm passwords, card details or Portuguese Tax Authority credentials
Tone of the MessageInformative, official and neutralAlarmist, threatening or promising easy refunds

The best defence is direct verification. If you receive an email asking you to update your Moloni ON information through a link, do not click it. Always enable two-factor authentication (2FA) on every platform that supports it. Even if someone discovers your password, they will not be able to access your account without the verification code sent to your phone.


What should you do if your business becomes a victim of phishing?

If someone in your company clicked on a suspicious link and entered sensitive information, time is your most valuable asset. You should act immediately to contain the damage and isolate the affected systems.

1. Change your credentials: Immediately update the password of the compromised account and every other account where you use the same email and password combination.

2. Revoke access: If the compromised information includes your Portuguese Tax Authority access credentials (used to submit SAF-T files or transport documents), log in to the Portuguese Tax Authority Portal and immediately revoke or change the affected access key.

3. Contact support: Notify the Moloni ON support team so they can monitor unusual activity on your invoicing account and verify whether any suspicious access has occurred.

4. Notify your bank: If you have shared your company's banking details or credit card information, immediately contact your bank's fraud department to block the affected accounts.

5. Report the incident: Phishing is a criminal offence. Gather all available evidence (screenshots of the email, technical headers and malicious links) and report the incident to the Portuguese Judicial Police or through the Public Prosecutor's online portal.

Keep your systems up to date, be sceptical of anything that seems excessively urgent and ensure that your invoicing runs on a secure, certified platform such as Moloni ON. Your company's security depends on your vigilance.

phishing