Updated on Wednesday, October 20, 2021 – 13:04

The scam uses ordinary mail, which arouses less suspicion, to try to obtain bank details of the victims

The fake mail that victims receive.

Social Security has warned on its social networks of a fraud by letter that impersonates the entity to scam citizens. In this document, which includes the logo of the General Treasurer, bank details are requested from those who receive it under the pretext of a loss of information derived, precisely, from a computer attack.

The letter also refers to an increase in performance that works as bait for this hook, which, according to experts, is not the only case of phishing applied to a physical format. They also explain that these hoaxes can be detected with the same techniques used for fraudulent emails.

Thus, the letter asks that images of the DNI and bank information be sent to an email address. This is in itself loot for the criminal, but it also opens a communication channel with the victim, who believes they are talking to the Administration, through which other information can be obtained or even money can be sent.

“It’s done exactly like phishing,” warns Hervé Lambert, responsible for consumer operations at Panda Security. And he believes that it is a fairly well thought out “bulk shipment”. “My mother, I’m sure she would have fallen,” he admits. Moreover, he considers that he himself could have had his doubts, although the absence of a telephone number or physical contact address, together with an email address that did not have the domain of the Ministry but that of a third party (Outlook, in this case), ended up setting off his alarms.

Leaving the digital circuit has, in a way, its advantages for scammers, according to this expert. For one thing, a letter has a halo of officialdom that email doesn’t always get. In addition, the population is more accustomed to distrusting electronic communications, and in case of doubt it is easier to forward them to a more knowledgeable person who can detect the deception.

“Either the guy has been super wasted and has tried and succeeded or behind there is a structured study,” explains Lambert. “It seems that the cybercriminal lately thinks a lot and looks for ways to get a higher return,” he continues. And the return is not necessarily monetary, at least not immediately; it can also be the obtaining of bank details.

How to spot a scam

Lambert warns that we are in a “quite complex” moment in this area because the attackers “do things that arouse the interest of the people in terms of response.” In this case they hide behind an apparently official communication that, on the one hand, requests information for an organization that should already have it and, on the other, refers to benefits (speaking of retirement) that concern citizens.

“You have to cultivate a slightly paranoid culture,” sums up the expert. Thus, he recommends that we “double check all the steps we take” and read these emails more than once, looking for spelling mistakes or inconsistencies.

“Normally the sheets are a bit more professional format,” he explains, “but we see that if we stop, breathe and think about those things.” The letterhead, for example, should include a physical address and a contact telephone number to call in case of doubt. “We have to stop, read the letter two or three times and look for misspellings or things that call us a lot of attention, such as the domain of the email, and, above all, not run,” he adds.

“Nobody in a ministry uses an Outlook email address; domain is key,” adds Lambert. In this sense, it should be remembered that official bodies are hosted on .gob.es domains and never turn to other service providers for their mail. Also, “you have to look at the envelope” and see what type of postage has been used, and bear in mind that Social Security will never send a letter requesting information by email. If you have any questions, it is always advisable to go in person or call the official citizen service numbers.

