SMS-fraude in Spanje: zo herken je nepberichten van Correos, banken en de belastingdienst
SMS scams in Spain impersonate Correos, banks, Agencia Tributaria, and utility companies. Learn to identify and report smishing attacks.

SMS-fraude in Spanje: zo herken je nepberichten van Correos, banken en de belastingdienst
SMS scams -- known as smishing -- have become one of the most pervasive forms of fraud in Spain. Beyond the well-known fake Correos delivery messages, scammers are now impersonating banks (Santander, BBVA), the Agencia Tributaria (tax agency), utility companies, and courier services like MRW and SEUR.
The Expanding Smishing Landscape
| Impersonated Entity | Typical Message | Goal |
|---|---|---|
| Correos | "Your package could not be delivered. Pay customs: [link]" | Credit card theft |
| Santander/BBVA | "Unauthorized access detected. Verify: [link]" | Banking credentials |
| Agencia Tributaria | "You have a pending tax refund. Claim here: [link]" | Identity/financial theft |
| MRW/SEUR | "Delivery rescheduled. Confirm address: [link]" | Personal data theft |
| Electric/gas company | "Overpayment detected. Request refund: [link]" | Credit card theft |
| DGT (traffic) | "Unpaid fine. Pay within 24h: [link]" | Financial theft |
How Smishing Works
The Technical Side
Scammers use SMS spoofing services that can:
- Display any sender name (e.g., "BBVA", "Correos")
- Insert fake messages into legitimate conversation threads
- Send millions of messages simultaneously at low cost
- Target specific geographic regions
The Psychological Side
Every smishing message relies on:
- Urgency: "24 hours to respond" or "your account will be closed"
- Authority: Impersonating trusted institutions
- Small amounts: Asking for 1-3 EUR does not trigger suspicion
- Fear: Warnings about unauthorized access or unpaid fines
New Vectors in 2025-2026
Fake Agencia Tributaria Messages
Tax season brings a wave of fake tax agency SMS:
- "Your income tax refund of 278.50 EUR is ready. Claim: [link]"
- "Error in your tax declaration. Correct immediately: [link]"
The real Agencia Tributaria never sends refund links via SMS.
Utility Company Phishing
Fake messages from electricity (Iberdrola, Endesa) and gas companies:
- "Overpayment on your last bill. Claim refund: [link]"
- "Service interruption scheduled. Update payment method: [link]"
Courier Service Expansion
Beyond Correos, scammers now impersonate:
- MRW
- SEUR
- GLS
- Amazon Logistics
How to Identify Smishing
Universal Red Flags
- Contains a link: Legitimate organizations rarely send links via SMS
- Asks for payment: No real company asks for payment via SMS link
- Creates urgency: "Act within 24 hours" or "immediate action required"
- Generic greeting: "Dear customer" instead of your name
- Suspicious URL: Not the official domain of the company
How to Verify
- Open the company's official app or website directly (never via the SMS link)
- Call the company using the number on their official website
- Check your account status through official channels
Reporting Smishing
| Step | Action | Contact |
|---|---|---|
| 1 | Do not click any link | Delete the message |
| 2 | Report to INCIBE | Call 017 (free) |
| 3 | Report to Policia Nacional | If financial loss occurred |
| 4 | Forward to your carrier | Some carriers accept spam reports |
| 5 | Alert the impersonated company | Through their official channels |
Protect Your Information
Never share personal or financial information through SMS. For secure sharing of sensitive data with trusted contacts, use LOCK.PUB to create password-protected, auto-expiring links instead of sending information through WhatsApp or SMS -- the very channels that scammers exploit.
Stay Safe
Smishing in Spain continues to evolve with new impersonation targets and increasingly convincing messages. The golden rule remains: never click links in SMS messages, and always verify through official channels. Report suspicious messages to INCIBE at 017 -- your report helps protect others.
LOCK.PUB provides a secure alternative for sharing sensitive information without relying on SMS or unencrypted messaging apps.
Trefwoorden
Misschien vind je dit ook leuk
16 Miljard Wachtwoorden Gelekt: Hoe te Controleren of Je Getroffen Bent
Het grootste wachtwoordlek in de geschiedenis heeft 16 miljard inloggegevens blootgelegd. Leer hoe je kunt controleren of je accounts gecompromitteerd zijn en wat je moet doen.
AI Chatbot Datalekken: Wat Er Gebeurt Als Je Gevoelige Info in ChatGPT Plakt
Is ChatGPT veilig voor gevoelige data? Leer de echte privacyrisico's van AI chatbots, recente datalekken en hoe je je vertrouwelijke informatie beschermt.
AI Codeerassistenten Schrijven Onveilige Code: Wat Ontwikkelaars Moeten Weten
GitHub Copilot en Cursor AI kunnen beveiligingskwetsbaarheden introduceren. Leer over 74 CVE's van AI-gegenereerde code in 2026 en hoe u uw codebase beschermt.
Maak nu je met wachtwoord beveiligde link
Maak gratis met een wachtwoord beveiligde links, geheime memo’s en versleutelde chats.
Gratis Beginnen