The Spanish Consumers Association has launched an alert for a fraud circulating in Spain that specifically targets workers on sick leave. The scam is spread through SMS messages that impersonate the identity of the National Social Security Institute and seek for the victim to access a fraudulent link.
In those messages, the recipient is informed of an alleged review by the medical inspection. The hook is the fear of a possible review or of losing the benefit, a circumstance that, in people in a situation of temporary disability, can increase the likelihood that they will open the link and follow the instructions.
Messages that simulate official notices from the INSS
The association warns that it is a phishing campaign. The scammers' objective is for the recipient to provide personal or banking details after entering the web address included in the SMS. The message impersonates the INSS to give the appearance of official communication and generate a quick reaction from the victim.
Once inside that link, users can be exposed to information theft or to the installation of malicious software on their devices. The organization insists that Public Administrations do not request personal data through links of this type nor through unverified SMS messages.
What to do if the message is received
The main recommendation is not to access the link and not to provide any personal data. In case of doubt, it is advised to contact directly with the official channels to check if there really is any notification related to the leave or with a medical inspection.
Those potentially affected must report the facts to the State Security Forces and Corps. If banking details have already been entered or fraudulent use of the account is suspected, the association recommends going immediately to the financial institution to try to block operations or avoid unauthorized charges.
Advisory channel for potential victims
The Spanish Consumers Association has also enabled a channel to report attempted scams or request guidance. The available email address is [email protected], where users can submit their case and ask for advice regarding this type of fraud.
The alert comes at a time when SMS impersonation campaigns continue to use brief, direct, and administratively-appearing messages to pressure recipients. In this case, the focus is on people on sick leave, an especially sensitive group to any notice related to their employment situation or the collection of their benefit.