The National Institute of Cybersecurity (Incibe) has issued a warning about a new and dangerous computer scam that is circulating.
This time, the cybercriminals have resorted to an ingenious and manipulative tactic: impersonating the Social Services and asking the victims to provide three photographs, two of the national identity document (DNI) and one of their own face. Under the excuse of verifying files, this trap has been dubbed ‘smishing’, a variant of ‘phishing’ that uses text messages (SMS) to deceive people.
The main characteristic of the fraudulent text messages they use is that they have notable deficiencies in wording and spelling, which should arouse suspicion. In addition, the communication varies between a formal and informal tone, a clear sign that it is an attempt to deceive.
These messages include an email address to which victims are instructed to send the requested information. However, this email is a sure sign that it is a scam, as it is from an unofficial domain. It’s important to note that legitimate organizations, whether government entities or businesses, use specific email addresses and not generic domains like ‘gmail.com’ or ‘hotmail.com’.
Those who fall for this trap and share their personal information risk having it used by cybercriminals for fraudulent activities, including phishing.
Most commonly, people who have not provided personal information block the sender and delete the message as a precaution. However, those who have fallen for it need to take additional steps. The National Institute of Cybersecurity (Incibe) recommends keeping all the evidence and filing a complaint with the security authorities. In addition, it recommends following a series of steps that you can take if you have provided personal data:
Common sense is key to protecting yourself from these scams. We must always verify the authenticity of the communications we receive, paying particular attention to grammatical errors, suspicious email addresses and links provided to us.
Legitimate institutions will absolutely never ask for personal information through generic emails, as they have their own domains.
Cybersecurity is a shared responsibility, and staying informed and alert is crucial to avoid falling into digital traps like this.
