Spanish Consumers Association warns of traffic fine scam

The Spanish Consumers Association (ASESCON) is warning the general public about a new ´phishing scam´ email traffic fine notification that is currently being sent out to thousands of people

ASESCON has issued a warning regards of a new wave of fraudulent emails, sent out by scammers, that try to trick the public with a false traffic fine notification.

The message reads: “an electronic fine No. ____ was issued on ____ at _____.” and then asks the user to choose “the best way to consult their bill” via two links that open a malicious file that infects the user’s electronic device, thereby exposing the victim’s personal data.

It is important to remember that the traffic authority (DGT), as well as other organisations like the Post Office, banks, the tax office, electricity companies, etc., NEVER request information from their users, such as passwords and personal data, through email.

They will also NEVER ask you to make a payment through a link attached to an email. ASESCON advises users to take extreme precautions to avoid falling victim to this type of fraud, known as “phishing.”

When it comes to communicating fines, the traffic authority never uses email. Instead, it uses official bulletins, municipal notice boards, the Traffic Penalties Notice Board (TESTRA), or the Single Notice Board (TEU).

There is just one circumstance in which this rule does not apply: if the individual has willingly enrolled in the Electronic Address System (DEV), an electronic mailbox for receiving communications and alerts with equivalent legal consequences to paper notifications.

In this scenario, you can get a notification via SMS or your enabled email address asking you to enter the DEV and access the fine after verifying your identity (with an electronic ID card or digital certificate).

Required action

ASESCON advises not opening links in suspicious emails or SMS and deleting any suspicious emails or SMS without viewing them. They also advise keeping antivirus software up to date on PCs and mobile devices. and to confirm that a website is using a secure server before inputting personal information there (the address of the page should start with https and there should be a padlock in the address bar).