The social engineering techniques used by cybercriminals continue to evolve. They impersonate all kinds of organisms and entities to have more options to confuse their victims and that they fall into the trap.
On this occasion, a new smishing campaign has been detected that promises a refund on your taxes, but what it will end up doing is emptying your checking accounts.
Alert for new smishing campaign
On this occasion, the scam begins with the receipt of an SMS message which presumably can claim the annual tax refund 2022-2023 on a supposed government page. The formats that have been reported are usually of the type “You have not yet received the annual tax refund for the dates 2022-2023, claim your refund of 431.78 euros through the link provided”. It should be noted that it is sent from a private telephone number, without official identification.
If you click on this link, it takes you to a web page that impersonates La Moncloa and later gives you a choice between different banks such as Bankia, CaixaBank, BBVA and Santander to process said tax refund.
Obviously, this is yet another case of smishing, a type of social engineering in which cybercriminals reach their victims by sending an SMS that impersonates other entities or organizations.
How to report these impersonations
This case of smishing, which has been communicated by the Internet User Security Office (OSI), must be reported as soon as possible to the affected financial entities. If you receive a message like the one we’ve shared above, contact your bank as soon as possible.
- BBVA: contact with the entity to report the incident or ask questions and review their information portal.
- Santander: reports the incident and find out through your information portal.
- Bankia and CaixaBank: Get in touch with Customer Support and check the information portal to keep you informed.
