The State Public Employment Service (SEPE) has warned about a new cyber-fraud campaign in which cybercriminals pose as the institution in order to steal personal and banking information from users. As reported by the HEDGE through your Twitter account, attacks can come through email, WhatsApp or SMS.
As usual in these cases, in the campaign, the criminals try to capture the user’s attention and convince them to ‘click’ on a malicious link that redirects them to a page where they are asked to share private information.
⚠️ Phishing alert ⚠️ Fraudulent messages have been detected impersonating SEPE ⤵️
❌ Be careful if you receive suspicious messages through ⤵️
???? SMS
???? WhastApp pic.twitter.com/uZDhjFolZn— SEPE (@empleo_SEPE) September 13, 2022
The SEPE reminds users that «It will never ask you for personal data by message«. Bearing this in mind, it is important that the user discard any communication in which information of this type is requested, including bank information.
You should also avoid clicking on communication links in which this type of information is requested. They can direct the user to a malicious web page where they try to convince them to share private data or could trigger the download of malicious code.
How to avoid the trap
Criminal scams aimed at stealing information are constant and not only affect public institutions such as SEPE. Private companies, such as Wallapop or Amazon, are also used by criminals to trick users.
Cybersecurity experts recommend distrust any message that is even minimally suspicious. Especially those that try to alert the user and invite him to act quickly, without thinking twice about the consequences.