Social engineering techniques take advantage of this human vulnerability to trick victims into divulging private information or giving access to their money, bank accounts, etc. Generally, they tend to bet on identity theft, where no one is safe from having their identity stolen.
Generally, they usually impersonate companies, but in a recent notice from the Internet User Security Office, they say that even recently these cybercriminals are acting on behalf of the National Police.
Impersonation of the National Police
Specifically, this new scam focuses on extortion. False emails are sent on behalf of the State Security Forces and Bodies, accusing the victims of crimes related to child pornography.
National Police
@police
🔹From @policia we already tell you that if we seized #pornographic material we would not notify you by email❌
🔹 We wouldn’t ask you to give us your personal data either, it’s about #cybercriminals 💻
#NoPiques 👇 https://t.co/ibsSZqovEa
December 16, 2022 • 20:24
214
0
It explains that they have between 24 and 72 hours to respond with their justifications and evidence to assess responsibilities. In addition, they request that users provide their first and last name, home address and telephone number. In theory, all this information is requested by the National Police or the Civil Guard from the victim, who is threatened with criminal charges against her. Fearing that they will be accused of a crime they have not committed, victims fall into the trap to try to prevent their alleged arrest by providing evidence and justifying themselves.
The Police have already explained on occasions that a criminal proceeding for a crime as serious as this obviously would not have an email as the first step, but surely a judicial summons or an arrest, so this further evidences that the email received is false. In addition, you can catch another series of clues that tell you that it is false, such as spelling and grammatical errors, a common indication for all kinds of phishing.
What to do if you receive one of these emails?
If you have sent the email requested by the cybercriminal by providing your data, try not to respond by providing any personal data or with any other type of response. Instead, as OSI advises, follow the steps below.
National Police
@police
📢Attention!📢
If you receive a file like this you should know that it is false👇❌
#NoPiques https://t.co/fwLdyPy7X3
December 16, 2022 • 10:57
94
2
- Collect evidence, such as email and attachments, and once all the fraud proofs have been obtained, end communications with the cybercriminal, thus avoiding providing more information or encouraging them to indicate more guidelines to follow.
- Go to the State Security Forces and Corps and denounce and report the email address or other means that have been used for extortion and the event.
- In the coming months, if you want to check that information you have provided has not been shared, you can search for such data on the Internet. This activity is called egosurfing.
- If you find information about yourself on the Internet, in search engines, social networks or web pages, you can request its deletion by exercising the right to be forgotten, following the steps indicated by the Spanish Data Protection Agency.
Notifying the State Security Forces and Corps of these impersonations can be key to trying to locate those responsible and prevent them from continuing to deceive people to get hold of data that later ends up in the hands of worse criminals such as those of the dark web.
