Penipuan SMS di Sepanyol: Cara Mengesan Mesej Palsu daripada Correos, Bank dan Agensi Cukai
SMS scams in Spain impersonate Correos, banks, Agencia Tributaria, and utility companies. Learn to identify and report smishing attacks.

Penipuan SMS di Sepanyol: Cara Mengesan Mesej Palsu daripada Correos, Bank dan Agensi Cukai
SMS scams -- known as smishing -- have become one of the most pervasive forms of fraud in Spain. Beyond the well-known fake Correos delivery messages, scammers are now impersonating banks (Santander, BBVA), the Agencia Tributaria (tax agency), utility companies, and courier services like MRW and SEUR.
The Expanding Smishing Landscape
| Impersonated Entity | Typical Message | Goal |
|---|---|---|
| Correos | "Your package could not be delivered. Pay customs: [link]" | Credit card theft |
| Santander/BBVA | "Unauthorized access detected. Verify: [link]" | Banking credentials |
| Agencia Tributaria | "You have a pending tax refund. Claim here: [link]" | Identity/financial theft |
| MRW/SEUR | "Delivery rescheduled. Confirm address: [link]" | Personal data theft |
| Electric/gas company | "Overpayment detected. Request refund: [link]" | Credit card theft |
| DGT (traffic) | "Unpaid fine. Pay within 24h: [link]" | Financial theft |
How Smishing Works
The Technical Side
Scammers use SMS spoofing services that can:
- Display any sender name (e.g., "BBVA", "Correos")
- Insert fake messages into legitimate conversation threads
- Send millions of messages simultaneously at low cost
- Target specific geographic regions
The Psychological Side
Every smishing message relies on:
- Urgency: "24 hours to respond" or "your account will be closed"
- Authority: Impersonating trusted institutions
- Small amounts: Asking for 1-3 EUR does not trigger suspicion
- Fear: Warnings about unauthorized access or unpaid fines
New Vectors in 2025-2026
Fake Agencia Tributaria Messages
Tax season brings a wave of fake tax agency SMS:
- "Your income tax refund of 278.50 EUR is ready. Claim: [link]"
- "Error in your tax declaration. Correct immediately: [link]"
The real Agencia Tributaria never sends refund links via SMS.
Utility Company Phishing
Fake messages from electricity (Iberdrola, Endesa) and gas companies:
- "Overpayment on your last bill. Claim refund: [link]"
- "Service interruption scheduled. Update payment method: [link]"
Courier Service Expansion
Beyond Correos, scammers now impersonate:
- MRW
- SEUR
- GLS
- Amazon Logistics
How to Identify Smishing
Universal Red Flags
- Contains a link: Legitimate organizations rarely send links via SMS
- Asks for payment: No real company asks for payment via SMS link
- Creates urgency: "Act within 24 hours" or "immediate action required"
- Generic greeting: "Dear customer" instead of your name
- Suspicious URL: Not the official domain of the company
How to Verify
- Open the company's official app or website directly (never via the SMS link)
- Call the company using the number on their official website
- Check your account status through official channels
Reporting Smishing
| Step | Action | Contact |
|---|---|---|
| 1 | Do not click any link | Delete the message |
| 2 | Report to INCIBE | Call 017 (free) |
| 3 | Report to Policia Nacional | If financial loss occurred |
| 4 | Forward to your carrier | Some carriers accept spam reports |
| 5 | Alert the impersonated company | Through their official channels |
Protect Your Information
Never share personal or financial information through SMS. For secure sharing of sensitive data with trusted contacts, use LOCK.PUB to create password-protected, auto-expiring links instead of sending information through WhatsApp or SMS -- the very channels that scammers exploit.
Stay Safe
Smishing in Spain continues to evolve with new impersonation targets and increasingly convincing messages. The golden rule remains: never click links in SMS messages, and always verify through official channels. Report suspicious messages to INCIBE at 017 -- your report helps protect others.
LOCK.PUB provides a secure alternative for sharing sensitive information without relying on SMS or unencrypted messaging apps.
Kata kunci
Anda mungkin juga suka
16 Bilion Kata Laluan Bocor: Cara Semak Sama Ada Anda Terjejas
Kebocoran kata laluan terbesar dalam sejarah mendedahkan 16 bilion kelayakan. Ketahui cara menyemak sama ada akaun anda terjejas dan apa yang perlu dilakukan.
Kebocoran Data Chatbot AI: Apa Berlaku Bila Anda Tampal Maklumat Sensitif ke ChatGPT
Adakah ChatGPT selamat untuk data sensitif? Ketahui risiko privasi sebenar chatbot AI, kebocoran data terkini, dan cara melindungi maklumat sulit Anda.
Pembantu Pengkodan AI Menulis Kod Tidak Selamat: Apa yang Pembangun Perlu Tahu
GitHub Copilot dan Cursor AI boleh memperkenalkan kelemahan keselamatan. Ketahui tentang 74 CVE daripada kod yang dijana AI pada 2026 dan cara melindungi asas kod anda.
Cipta pautan dilindungi kata laluan sekarang
Cipta pautan dilindungi kata laluan, memo rahsia dan sembang tersulit secara percuma.
Mula Percuma