Drivers in Catalonia must exercise extreme caution due to an instant messaging fraud campaign that has reached significant levels in the region. The IT security firm Bitdefender has identified a considerable volume of fake messages targeting mobile users in Spain between December 2025 and April 2026. This operation, identified as Operation Road Trap, has generated over seventy-nine thousand malicious communications focused on the transport and mobility sector.
The statistics reveal the magnitude of the attack with more than thirty-one thousand dangerous links distributed in at least forty different campaigns. Catalonia is among the most affected autonomous communities along with Madrid and Andalusia, which makes this alert a matter of public interest for residents of Barcelona, Girona, Lleida, and Tarragona. The objectives of these attacks range from money theft to the misappropriation of personal and banking data, as well as the installation of malicious software capable of intercepting SMS or taking remote control of the phone.
Deception and Urgency Mechanisms
The supposed notices impersonate transport sector authorities, toll operators, and parking services to create a false sense of immediate crisis.
- Bitdefender. The content usually informs of an unpaid toll, traffic fine, or parking penalty, setting a very short deadline to resolve the matter, ranging between twenty-four and seventy-two hours. To increase psychological pressure, serious consequences are threatened, such as additional charges, license suspension, legal action, and even arrest warrants."These fraudulent messages are designed to generate a sense of urgency and pressure drivers to act quickly"
After reading the notice, the implicit instruction is to click on a link to solve the problem. This link leads to fraudulent websites that imitate official payment or administrative portals. Once on the fake page, victims may be induced to enter confidential information such as card numbers, personal data, and banking credentials. In certain regions, the risk exceeds data theft because the attack installs malware directly on the mobile device.
Advanced techniques and local presence
The operation employs sophisticated tactics to increase its credibility and evade standard detection filters. The campaigns use identity spoofing techniques and constant domain rotation to make it difficult to track those responsible. Researchers point out that the structure is highly coordinated although they have not found clear links between the groups behind each wave. Specific methodologies include
- Impersonation of legitimate traffic authorities.
- Web pages that faithfully imitate official portals.
- Use of shortened links and constant domain changes.
- Specific tricks for mobile devices that ask to respond to the message to activate the malicious link.
At the state level, cybercriminals frequently impersonate the Directorate General of Traffic through SMS about pending fines. The messages simulate originating from both the official body and alternative senders like miMultas. Examples have been captured where the text warns of an increase in the pending fine if the file is not consulted via an attached link. Other variants send reminders with instructions to stop the service by replying with STOP or INFO.
Recommendations for action
Upon the arrival of any suspicious notice, the technical authority strongly advises not to click the link included in the body of the text. Nor should one reply to the original message under any circumstances. The most advisable thing is to delete the communication immediately and report it through the enabled channels. It is always preferable to verify the information by accessing directly the official website of the corresponding body without using intermediaries. Likewise, it is fundamental to keep updated a robust cybersecurity solution on the mobile device to block intrusion attempts. Users must act with caution and always prioritize external verification before carrying out any economic transaction or providing sensitive data.