The Spanish National Cybersecurity Institute (INCIBE) has issued a warning about a phishing and smishing campaign impersonating the Dirección General de Tráfico (DGT).
Fraudsters are targeting citizens with fake messages claiming they owe traffic fines.
How the scam works
Cybercriminals send fraudulent emails or text messages to unsuspecting victims. These messages create urgency, claiming that immediate payment is required to avoid further penalties.
Clicking the provided link directs users to a fake website mimicking the official DGT site. Victims are asked to fill out forms with personal and banking details, including uploading an image of their ID card (DNI/TIE).
What to do if you receive these messages
If you’ve received a suspicious email or text but haven’t clicked the link:
- Report the message: Send the email or text to INCIBE’s incident reporting inbox.
- Block the sender: Prevent further messages by blocking the sender on your device.
- Delete the message: Remove the fraudulent message to avoid accidental clicks.
Steps to take if you’ve shared your data
If you’ve clicked the link and entered your personal or financial details, follow these steps immediately:
- Contact your bank: Inform your bank about the potential data breach to protect your account.
- Collect evidence: Take screenshots of the messages and fraudulent website. Use online tools to authenticate these.
- Monitor your data: Regularly search for your personal details online to detect unauthorised use.
- Seek help from INCIBE: Call their Cybersecurity Help Line for guidance on next steps.
- Report to authorities: If you’ve uploaded your DNI or TIE, file a police report to request a replacement ID and aid in the investigation.
Recognising legitimate DGT communications
The DGT does not notify fines through third-party websites. Official communications are sent via:
- Postal mail.
- The electronic road address (DEV) notification system.
How to stay safe online
To prevent falling victim to smishing and phishing:
- Be cautious of messages with urgent payment requests.
- Look for spelling or grammar errors in suspicious emails or texts.
- Verify website links to ensure they match the official DGT domain.
Visit INCIBE’s resources on social engineering attacks for more tips on avoiding phishing and smishing scams.
By staying alert, you can protect your personal data and avoid becoming a victim of these fraudulent campaigns.