The SEPE or State Public Employment Service of Spain has alerted the public that in the last few hours a phishing is circulating that pretends to be this organism and that the objective is to steal bank data (to later steal money).
People receive an SMS, a WhatsApp or an email. It seems that the message varies, but the same link appears in all of them, which is the following: “https://sepe.es.6578653.top/”. According to the information provided by SEPE, the most common messages indicate an amount of money that you have to pay after a failed update of your bank details.
THEFT OF DATA AND UNSOLICITED PACKAGES WHAT IS BRUSHING
How do they steal information?
The link is recognized as a phishing attempt if you open it with your PC and a Firefox browser. From Mozilla they explain that “Firefox has blocked this page because it can trick you into do something dangerous like install software or reveal personal information such as passwords or credit cards”. For its part, Microsoft Edge has already been alerted and informs you that “Microsoft recommends that you not continue on this site. Microsoft has received information that it contains phishing threats that may attempt to steal personal or financial information.”
If you open it with your phone, which is the most common (because you receive an SMS or WhatsApp in many cases), it takes time to load in the browser. Still, in these types of phishing attacks detected, it is normal for attackers to return to the attack after a while. From the Manresa Police reported of this and they say that the following interface appeared to some citizens:
As you can see in the photo, they ask you to select your bank to update your account details. As options they give BBVA and Banco Santander (widely used in attacks in general), but you can also select the “Other Banks” option.
From SEPE they report that “It is important that you DO NOT click on this linkbecause it is a fraudulent campaign by means of SMS to get hold of your personal data” and asks you to remember that SEPE will never ask for your personal data by SMS. In the alert created, it states that it can also be by WhatsApp or by mail as indicated previously.