They warn of a new scam and this time related to Social Security. The hook with which cybercriminals try to get hold of all the bank details of their victims to steal their money is the suspension of the health card. The Internet User Security Office has detected a campaign that impersonates Social Security by sending fraudulent SMS (smishing), which instantly leads the user to click on the link that accompanies the message, using as an excuse having to request a card new after the suspension of the previous one. In addition, shipping must be paid through a courier and parcel company.
How the scam that impersonates Social Security works
Once the user enters the URL attached to the fraudulent SMS, a website can be seen pretending to be from the Ministry of Inclusion, Social Security and Migrations in which he finds a form requesting last name, first name, date of birth and email. In another, the victim ends up giving her address, zip code, town and phone number. When you click on confirm, the shipping options will be displayed. So they have all the personal data.
They detail from the office that in this section, they will expose two methods of transport to receive the new health card, which are two courier and parcel companies with a different load of less than 4 euros. When you click on proceed to payment, a form will appear to fill in the bank card details, in which the name of the cardholder and card number are already requested, as well as the expiration date and the CVV security code that appears at the reverse of this
When confirming the payment, the website is loaded, authenticating the process, warning that you will be redirected to another page when the process is finished. Next, a form will appear that says link by Apple Pay, which asks you for a code that has been sent by text message to your mobile device. After this, a window will appear, in which they confirm that the payment has been validated, they give you the data of the amount and the identification of the shipment, and they explain when they will receive the card, but the cybercriminals will have already obtained your data.
What to do if we have fallen for the health card scam
If you have received said SMS and have clicked on the link with all the personal and bank details, the experts recommend contacting the bank to explain what happened and that they proceed to cancel the import and block the card used in the payment. During the next few months, it is advisable to have greater control than usual of the movements of the account associated with the card. Having provided personal and sensitive data, it is recommended that in the coming months you carry out searches on yourself to confirm that our data is not being disseminated on the Internet.