Cyber ​​security company ESET has warned of a new campaign of fake fines by the DGT which impersonate an organization to steal credit card information.

A good number of users will take advantage of the Easter holidays for a well-deserved rest. And many will do this while traveling by car. If this is your case, be careful. For real security (because the fines imposed by the good ones are as real as they are substantial) and for computer security, because unrepresentative people in the service use every opportunity to steal information.

False fines from DGT

The Directorate-General for Transport is – along with the Ministry of Finance – the agency that causes the most identity theft, an insidious activity that has multiplied with the explosion in the use of mobile internet, social networks and instant messaging applications. And it is logical that these organisms are attacked the most. Users fear any sanctions or demands and react quickly. Many of these notices received online are fake..

The malicious campaign in question comes via SMS and ensures that we have a pending payment that needs to be paid before the amount is increased.

At first glance, the message may seem real for several reasons:

• The identifier used by the criminals to send the SMS uses the name DGT, so many users may think the message is legitimate.
• The report refers to the delay in payment for the breach, something many users will want to resolve as soon as possible to prevent them from not paying with additional costs.
• The link contained in the SMS is not shortened and contains links to the personified entity in the domain name, in this case DGT.

However, by simply looking up the link (for example via whois), we find that the domain to which we are supposed to be redirected from the link provided in the SMS is only a few weeks old and was registered on a Russian server. It is obvious that this is a fraudulent message.

If you fall into the trap and click on the link, you will find a cloned DGT image and a button to pay the fine in less than 24 hours. After this first step, a form will appear in the next one where you can enter your personal information. Finally, they will ask for your credit card information, which is the real goal of this malicious fake fine campaign by DGT.

Carefully. NEVER reply to a link of this type, whoever sends it to you, sends it. ALWAYS go to the official website of the relevant agency to check for outstanding fines or other types of requirements.