Social Security has warned on its social networks of a letter-based fraud that impersonates the agency to deceive citizens.
The document, which bears the General Treasury logo, asks recipients for their bank details under the pretext of a loss of information caused, precisely, by a computer attack.
The letter also alludes to a rise in benefits, which works as bait for this hook. According to experts, it is not the only case of phishing applied to a physical format.
They also explain that the same techniques used against fraudulent emails can be used to detect these deceptions.
Thus, the letter asks for images of the DNI and banking information to be sent to an e-mail address.
This is already loot for the criminal, but it also opens a communication channel with the victim, who thinks he is talking to the administration, through which other data or even money transfers can be obtained.
“It is done exactly like phishing,” warns Hervé Lambert, responsible for consumer operations at Panda Security.
He believes that it is a quite well thought-out “mass mailing”.
“My mother is sure she had fallen,” he admits.
Moreover, he considers that he himself could have had his doubts, although the absence of a telephone number or physical contact address, together with an email address that did not use the ministry's domain but that of a third party (Outlook, in this case), ended up setting off his alarms.
Bypassing the digital channel has, in a way, its advantages for scammers, according to this expert.
On the one hand, a letter has an aura of officialdom that email does not always achieve.
In addition, people are more accustomed to distrusting electronic communications, and in case of doubt it is simpler to forward them to someone more knowledgeable who can detect the deception.
“Either the guy has been surpassed and has tried it and it has gone well, or there is a structured study behind it,” explains Lambert.
“It seems that the cybercriminal lately thinks a lot and looks for ways to get a greater return,” he continues.
And the return is not necessarily monetary, at least not immediately; it can also consist of obtaining bank data.
Lambert warns that we are at a moment “quite complex” in this area because the attackers “do things that awaken the interest of people in response”.
In this case, they hide behind an apparently official communication that, on the one hand, requests information on behalf of an agency that should already have it and, on the other, alludes to benefits (it talks about retirement) that concern citizens.
“You have to cultivate a little paranoid culture,” summarizes the expert.
Thus, he recommends “twice all the steps we give” and reading these emails more than once in search of spelling mistakes or inconsistencies.
“Normally the pages have a slightly more professional format,” he explains, “but we see that if we stop, breathe and think about those things.”
The letterhead, for example, should include a physical address and a contact phone to call in case of doubt.
“We have to stop, read the letter two or three times and look for spelling mistakes or things that stand out to us, such as the email domain, and, above all, not rush,” he adds.
“No one in a ministry uses an Outlook email address; the domain is key,” adds Lambert.
In this regard, it is worth remembering that official agencies are hosted under .gob.es domains and never resort to other service providers for mail.
Likewise, “you would have to look at the envelope” to see what kind of postage has been used, and bear in mind that Social Security will never send a letter asking for data by email.
When in doubt, it is always advisable to go in person or call the official citizen helpline numbers.