The General Treasury of Social Security has issued a warning about a campaign of Phishing that arrives via email and impersonates the institution. The messages, sent from addresses such as aviso@sede.comThey claim you have a pending "notification" and try to get you to act quickly.
The hook is the urgency: it indicates that there are only a few. two days to access the alleged notificationBy clicking on the link, the user ends up in a website that imitates the Social Security Headquarters to request credentials and even bank details. The TGSS emphasizes that it does not use that account and suggests verifying that The channel is official before clicking.
What has the TGSS warned about?
From their information profiles, the TGSS has warned of these emails and has asked people not to open or interact with them. They emphasize that legitimate alerts are not sent from that address. fraudulent address and that you should carefully check the sender and domain before clicking on any link.
The message text usually states that “you have communications available” and sets a limit of 2 calendar days to consult them, along with a button to “access now”. This time pressure is a classic resource of identity fraud to provoke impulsive responses.
How the scam works and what it aims to achieve
According to the guidelines of INCIBEPhishing involves sending messages that They impersonate legitimate entities with the aim of stealing information, money, or infecting devices, and there are variants such as QRishingIn this campaign, the links lead to fraudulent pages that replicate logos and official appearance.
These fake websites ask for login credentials and even financial data (card number, IBAN, or banking credentials). If provided, attackers can take control of accounts, make charges, or empty balancesa risk that is related to the carding scam without the victim noticing immediately.
- Suspicious sender or domain that does not match the official ones.
- messages with unusual urgency and threats of blocking or rejection.
- Shortened links or addresses that do not begin with https.
- Spelling mistakes and petitions of personal or banking data.
What to do if you receive the email
If you receive a message like this, the safest thing to do is Do not open attachments or linksand delete it. Check the sender and, if you have any doubts, access the Social Security website by typing the address in the browser instead of using what they send you.
- Report the attempt to INCIBE 017 and, if necessary, to the National Police or Civil Guard.
- Activate alerts and double factor in your accounts to make unauthorized access more difficult.
- If you have clicked or entered data, changes passwords, notify your bank and monitors movements.
- Run an updated anti-malware scan on the device affected.
Safe channels and practices with Social Security
For procedures and notifications, use only the Social Security Electronic Office and the Importass portal, accessible with Cl@ve, digital certificate or electronic ID card. Check your alerts by logging in to your account or from official mailboxes such as Citizen Folder or DEHú, never from links received by email.
Remember that Social Security It does not request passwords or bank details by email.Be wary of messages that ask you to "resolve issues" urgently, and save the following as favorites: legitimate links to avoid confusion with cloned sites.
The key to avoiding falling lies in recognizing the false emergencyVerify the sender and always use official channels; if something doesn't seem right, it's best to stop, check, and ask for help from INCIBE or the security forces before clicking a single button.
