It is increasingly common for cybercriminals to try to impersonate banks, large companies and even the Treasury by sending SMS or email (phishing) with the sole purpose of stealing personal data, access to accounts and passwords of the victims who receive these messages.
The Tax Agency is one of the agencies that suffers the most identity theft via SMS and the Police have already warned that this smishing is back.
The smishing of the Tax Agency returns
The cases of smishing do not stop growing and it is usually quite popular because the messages reach hundreds of people. In some cases, even the authorities must go out of their way to alert the population in order to avoid a greater evil.
National Police
@police
❌❌❌❌❌
FRAUD
❌❌❌❌❌The Tax Agency will not notify you of payments or refunds by #sms
🗑 Delete
⚠ It’s #phishing
🗣 #NoPiques https://t.co/NyLLzeGg9tOctober 06, 2022 • 13:03
1.3K
eleven
On this occasion, the Superior Headquarters of the National Police in La Rioja, through the Technological Crimes Group, has again alerted about the SMS scam in which cybercriminals pose as the Tax Agency to offer a tax refund with amounts that are around two hundred and fifty euros.
“The Tax Agency is not going to notify you of payments or refunds by SMS. Delete. Don’t bite. It’s phishing.”
Of course, if we follow the provided link, we will not receive any credit to our account, rather the cybercriminals want the user to click on the link to steal personal information and bank details.
Avoid being a victim of fraud of this type by following the recommendations set by the Internet Security Office:
- Do not open messages from unknown users or that you have not requested, delete them directly. Do not reply to these SMS under any circumstances.
- Be careful when following links, even from known contacts.
- Check the URL of the web page. If there is no certificate, or if it does not correspond to the site we are accessing, do not provide any type of personal information: username, password, bank details, etc.
- In case of doubt, consult directly with the entity involved or with trusted third parties, such as the State Security Forces and Bodies (FCSE) and the Internet Security Office (OSI) of INCIBE.
Waiting for the Google security system
Google is currently testing a solution that focuses on SMS verification to sift out real ones from those that imply some type of impersonation, trying to combat this evil that is smishing.
This new system will be key to being able to identify those SMS that we receive that may be dangerous for our security or that of our mobile device. When we receive a message from a company that registers with Google, Google converts the message into an unreadable authenticity code and compares this code with others that the same company has sent. If they match, then Google will verify that the message is from a secure source.
