If we want to take care of our privacy and security when moving around the Internet or using connected devices, we must be vigilant. Attackers are increasingly using more complex and difficult-to-detect techniques and campaigns to trick us and get our data.
For example, this is the case that concerns us right now with a campaign that the National Cybersecurity Institute or Incibe has already warned us about. For many, their vacation period has already started, or will soon begin. This means that it is important to have everything related to the car up to date so as not to have problems when traveling.
Well, we tell you all this because a malicious campaign has just been detected that impersonates the General Directorate of Traffic or DGT and tries to take our personal data and money. Below we will show you how it works so that you keep an eye out and do not become potential victims of all this.
These types of campaigns are dangerous all year round, but even more so at this time of year, as many people will be using their cars in the coming weeks. This is a circumstance that attackers take advantage of, as it will increase their chances of us falling for the scam. Let’s see how they work to avoid becoming victims, with the problems that all this could cause.
At this point, we can say that malicious campaigns similar to the current one have already been detected in the past. And if they are repeated, it is mainly because there are victims who fall into the trap and unwittingly provide private and sensitive data to malicious actors, something that we must avoid at all costs.
How the DGT scam works
The first thing we must take into consideration is that this scam that attempts to obtain our personal data by impersonating the General Directorate of Traffic, begins with an SMS that we receive on our mobile phone. In it, they remind us that we have some supposed pending fines that we should pay as soon as possible so as not to lose the points on our driving license.
Given the time of year we are in, this could be an important lure to get us to take action much sooner. In the text message itself we find a link where we must provide a series of personal details. Obviously, the website to which it redirects us is fraudulent and that is precisely where the private information that the attackers are looking for is extracted.
In addition to data such as our ID or full name, we are sometimes also asked for our bank details. As you can imagine, once we have filled in this data, supposedly relating to outstanding fines, it is sent to the attackers’ remote servers.
Therefore, to avoid this type of scam, the first thing we should do is distrust any message of this nature that reaches us via email or SMS. If in doubt, the best thing we can do is contact the entity that allegedly sends it to us, in this case the DGT.
In addition, and to ensure that this does not happen to other less experienced users, we can also inform the National Police or the Civil Guard of this scam by providing the messages received as a scam. In this way, the State Security Forces will be able to warn the rest of the citizens.
