A SMS fraud attempt targeting people on sick leave is circulating with a message impersonating the National Social Security Institute and informing of a supposed upcoming review by the medical inspection. The text includes a link to get more information, but it is a trap to capture data or compromise the victim's device.
A message that seeks to take advantage of the unease of those who are on sick leave
The notice appeals to a sensitive situation. Whoever receives the SMS sees a communication that appears to be official and that speaks of an imminent medical check-up. That context can generate concern and push to click the link quickly. Precisely there is the deception.
If you receive a message about a medical inspection review with a link, do not open it. The link does not lead to an official page, but to a site prepared to capture personal data or install viruses that jeopardize the security of the phone, the computer, and also the user's passwords.
A case of phishing with INSS impersonation
The maneuver fits into a phishing technique. The objective is for the victim to act trusting a recognizable public identity. In this case, the impersonation focuses on the INSS and a possible action by the medical inspection, an issue that can be especially credible for people who are already on sick leave.
The warning insists that public administrations do not ask for the verification of personal data through links sent by text message. That is one of the clearest signs to detect fraud and cut off any interaction before it goes further.
"Public administrations do not request the verification of personal data through links in text messages" - Spanish Consumers Association
What to do if the message arrives or if it has already been clicked
The immediate recommendation is simple. Do not click the link and it is advisable to delete the message. If the person has already provided data or suspects that it may have been compromised, they should contact their bank to try to stop possible unauthorized charges or movements.
It is also advised to report the events to the State Security Forces and Corps if you have fallen into the trap. That step can be relevant to record what happened and help in the investigation of this type of campaigns, which are usually launched massively and with very similar texts.
The Spanish Consumers Association has enabled the email [email protected] for those who want to receive alerts related to this fraud. The main message remains the same. Faced with any SMS that announces a medical check-up and includes a link, the safest way is to distrust and delete it.