The OSI (Oficina de Seguridad del Internauta) has alerted us to a level 4, high-importance scam going around. It concerns the data contained in your Social Security health card.
A smishing campaign has been detected that impersonates Social Security and asks you to update your health card through a link provided in the message. The message also states that unless you do this, you risk losing the rights that the card offers.
The form reached through this link collects the personal data the scammers request. Once they have stolen your data, it will be used fraudulently.
What to do?
If you have received an SMS like the one mentioned above, but you have not clicked on the link or provided your information, delete the message and block its sender.
However, if you have followed the link and filled out the form, follow the guidelines provided by the OSI below:
- Collect evidence of the fraud, in case you need to file a complaint with the State Security Forces and Bodies.
- In the coming months, practise egosurfing: check for any data that may have been published about you on the Internet. If you need it to be deleted, exercise your right to be forgotten. You can use tools to perform advanced searches, such as Google Dorks.
- Keep an eye on the email address or accounts you provided in the form, to avoid possible phishing attacks.
- You can request help from Social Security to verify the information.
- Learn how to avoid this type of fraud and other similar ones by following prevention tips from the OSI.
What to look out for?
The SMS messages that have been reported so far contain misspellings in their wording. This should always raise alarm bells and suspicions about their veracity.
If the URL is clicked, it redirects to a malicious website, which then requests the following information through a form: last name, first name, date of birth and email.
As soon as this information is entered, the cybercriminal has the data at their disposal. This data can then be used to commit future attacks directed at specific people and thus easily deceive more victims.
Please be aware that similar campaigns requesting the same information are always going around by email as well.
What exactly is smishing?
Smishing is a type of phishing attack that targets individuals through text messages or SMS (short message service). It is a form of social engineering, where attackers try to trick people into divulging sensitive information such as usernames, passwords, or credit card numbers.
Smishing messages can appear to come from legitimate sources, such as banks, financial institutions, or government agencies, and often convey a sense of urgency or fear to prompt the recipient to respond quickly. The message may also contain a link to a fake website designed to look like the legitimate one, or a phone number to call where an attacker may pose as a representative of the organisation.
Once the victim responds or clicks on the link, they may be asked to enter personal information or download malware onto their device. This allows the attacker to gain access to their data, financial accounts, or even control of their device.
To protect against smishing attacks, it is important to be wary of unsolicited text messages, verify the sender’s identity before responding or clicking on any links, and avoid sharing personal information over text or phone unless you initiated the contact and trust the recipient. It is also important to keep your mobile device’s software up to date and install antivirus software to detect and prevent malware infections.