The National Meteorological Agency (AEMET) alerted citizens on Monday that a new scam campaign is attempting to impersonate the organization via SMS. In the fraudulent message, the cybercriminals falsified the recipient’s identity so that “AEMET” appeared and guided users to a trap link.
The hook used is a supposed warning about “a severe storm in your area.” The SMS then offers the recipient to download the agency’s mobile application from the link provided. “Be prepared and stay safe,” cybercriminals insist, omitting accents in spelling mistakes that are often the first warning sign one might find in this type of scam.
AEMET emphasizes in its notice to citizens that “it never sends SMS”. “If you receive a similar message, do not open the link. Our application can only be downloaded in stores official,” explains the meteorological institution, referring to the Android and iPhone application stores.
This is the second scam aimed at profiting from the DANA disaster that authorities have warned about. Last Friday, the Ministry of Digital Transformation announced the blocking at the request of the police of a website which received “fraudulent donations” under the pretext of redirecting them to people affected by the tragedy. The portal was called “Help Valencia” and required donations to be made in cryptocurrencies.
Cybercriminals typically use shocking events such as DANA, as well as health crises or global events to launch this type of fraud. They rely on impersonation of official and trustworthy organizations allowing citizens to download malicious files, as in the case of AEMET SMS, or make donations that end up in their pockets.
The SMS identity theft technique is called “smishing”. “The attacks of smashing “can be very effective because text messages are often perceived as more trustworthy than emails, and many people are more likely to respond or follow directions given in a text message than in an email,” says the Institute national cybersecurity (Incibe). In addition to public institutions, it usually impersonates banks and parcel delivery companies.
Besides typographical errors, another way to recognize them is the sense of urgency they all try to convey to the recipient. This sense of urgency is essential for the victim to lower their defenses and try to resolve the problem posed by the scam as quickly as possible and by the means suggested by the cybercriminals. The experts’ recommendation is to never fall into this emergency, since establishments very rarely send this type of alerts and in the case of AEMET, it is never by SMS.
If you believe you have clicked on a fraudulent link or entered banking and sensitive data on pages that could be exploited by cyber fraudsters, it is recommended that you immediately report what happened to the bank and report the incident to the police. Incibe has the free number 017 and the WhatsApp telephone number 900 116 117 to resolve security questions. It serves citizens, businesses and professionals and is confidential.
