Over the past few years, we’ve become accustomed to malicious actors trying to access our computers and data in any way possible. They use multiple avenues such as text messages on our phones, email, fake websites, malicious apps, and more.
Furthermore, on many occasions they pose as completely legitimate companies and organisations to trick us into falling into their trap. For example, this is the case that concerns us in these very lines and which we must be on the lookout for. It is worth mentioning that in recent weeks, specifically throughout this past summer, a massive increase in attacks that were passed off as the DGT has been detected.
The attackers know what they are doing, they are fully aware that during this holiday season, our vehicle journeys increase. That is why they use the General Directorate of Traffic to try to trick us in some way. We are telling you all this because it seems that the malicious campaign is still underway and we could become victims if we are not careful.
How the attack that impersonates the DGT works
Well, it should be noted that its mode of operation is very simple and can be effective. In principle, we receive a supposed notification about a traffic violation that we have committed, pretending to be from the DGT. This is a notification that could reach us either through an SMS message to the mobile phone, or via email.
The trick to make us fall into the trap is to hurry us to pay the supposed fine for the traffic violation as soon as possible. Otherwise, the amount of the fine, according to what we are informed, increases with each passing day. This causes us to not value the message we are receiving properly and to hurry up to comply with the demand.
Thus, along with the message, a URL is attached that takes us to a malicious page with a design very similar to that of the General Directorate of Traffic itself. Here we are going to be asked for a series of personal and private data, including banking data, so we are already making them available to malicious actors.
What to do in the face of this scam
Therefore, if we come across a message of this nature, we should act accordingly. Of course, we should ignore all requests for data, and we should not even click on the attached link. It is best to delete it if it is a message to a mobile phone, or send it to the spam folder if it is an email.
It would be a good idea to even present this message to the authorities so that they can inform the rest of the citizens. And in the event that we have entered our personal data on the fake website, the first thing we should do is take screenshots of it all and notify our bank. We should also file a complaint in case this data is used maliciously later on.
