The National Police has warned of the circulation of fraudulent emails that impersonate its identity with the aim of stealing personal and financial data. The messages use its name, its logo, and language very similar to that of official notifications to give an appearance of legitimacy.
The fraud seeks that the recipient clicks a link included in the email. That access redirects to malicious pages designed to collect personal or banking information. It is a social engineering technique in which cybercriminals try to make it the victim herself who provides her data.
A false requirement with threats of sanction
The message reproduced in the alert simulates an official summons. The text literally says that the citizen must appear at the Central Department of the National Police in Madrid on December 20, 2024 for an alleged administrative file.
The same email adds a warning to pressure the user. In that content it is indicated that unjustified non-appearance could entail additional legal measures and economic sanctions, a formula that seeks to generate urgency and fear to favor the click.
Additionally, the message incorporates a link presented as access to the procedure's documentation. That link is the key element of the scam, as it leads to malicious pages prepared to capture sensitive information.
Official denial and prevention campaign
The authenticity of that email has been denied by the National Police itself through its official profiles on social media. The force maintains awareness campaigns against this type of fraud and disseminates warnings with the hashtag #NoPiques.
The authorities remind that no administration will request passwords, bank details, or urgent payments through an email. That is one of the clearest signs to detect an impersonation attempt.
More than 70 % of the threats detected
According to data cited from the National Cybersecurity Institute, more than 70% of detected cyber threats are related to identity impersonation attempts. The increase in these scams is framed within a context of greater digitalization of public administrations.
Among the mentioned projects is the Unique Enabled Electronic Address, a digital mailbox designed to centralize official notifications for citizens in Spain. To access this system it will be necessary to identify oneself by means of a digital certificate, electronic DNI or Cl@ve.
The service will be complemented by Notifica App, an application to review notices from different administrations. For a time, electronic notifications will coexist with traditional postal mail.
How to detect a fake message
Among the recommendations for identifying a fraudulent email are carefully reviewing the sender's address, checking the real URL of the links before clicking them, and detecting possible grammatical or formatting errors. These are common signs in impersonation campaigns, even if the message appears to be official.
- Check the full sender's address
- Verify the real URL before opening any link
- Distrust requests for passwords, bank details, or urgent payments
- Check for drafting errors or an unusual format