The State Meteorological Agency (AEMET) has alerted citizens this Monday that a new scam campaign is trying to impersonate the organization through SMS. In the fraudulent message, cybercriminals have falsified the identity of the recipient so that “AEMET” appears and guide users to a trap link.
The hook used is a supposed warning about “a severe storm in your region.” The SMS then suggests the recipient download the agency’s mobile application from the link provided. “Be prepared and stay safe,” cybercriminals insist, omitting accent marks and making spelling mistakes that are often the first warning sign that can be found in this type of scam.
The AEMET emphasizes in its notice to citizens that “it never sends SMS.” “If you receive a similar message, do not open the link. Our app can only be downloaded in stores official”, explains the meteorological institution, referring to the Android and iPhone application stores.
This is the second scam that attempts to take advantage of the DANA catastrophe that the authorities have warned about. Last Friday, the Ministry of Digital Transformation announced the blocking at police request of a website that was receiving “fraudulent donations” with the excuse of redirecting them to those affected by the tragedy. The portal was called ‘Help Valencia’ and required that donations be made in cryptocurrencies.
Cybercriminals commonly use shocking events such as DANA, as well as health crises or global events to launch these types of frauds. They are based on impersonating official and trustworthy organizations for citizens to download malicious files, as in the case of the AEMET SMS, or make donations that end up in their pockets.
The technique of impersonation through SMS is called “smishing”. “The attacks of smishing “can be very effective because text messages are often perceived as more trustworthy than emails, and many people are more likely to respond or follow guidelines indicated in a text message than in an email,” says the National Institute of Cybersecurity (Incibe). In addition to public institutions, it usually impersonates banks and parcel delivery companies.
In addition to typographical errors, another way to recognize them is the sense of urgency that they all try to convey to the recipient. This impression of urgency is key for the victim to lower their defenses and try to solve the problem that the scam poses as soon as possible and by the means that cybercriminals suggest. The experts’ recommendation is to never fall into this urgency, since institutions very rarely send this type of alerts and in the case of the AEMET, it is never by SMS.
If you suspect that you have clicked on a fraudulent link or have entered banking and sensitive data on pages that could be operated by cyber-fraudsters, the recommendation is to immediately report what happened to the bank and report the incident to the Police. Incibe has the toll-free number 017 and the WhatsApp telephone number 900 116 117 to resolve security questions. It serves citizens, companies and professionals and is confidential.
#scam #impersonates #AEMET #severe #storm #alert
