The most expensive fine that you can pay as a driver is not the one that takes away all your points or imposes an economic penalty of hundreds (or thousands) of euros. It is the one that can arrive through the latest scam impersonating the Directorate General of Traffic (DGT): from time to time, the DGT is the victim of a scam attempt, and the first of 2023 has begun to reach the inboxes of many users. We show you how to identify it so that it does not cost you dearly.
The ‘modus operandi’ is well known: an e-mail that attempts to impersonate the DGT. To do this, it uses several hooks. The first is the subject of the email, ‘Fine not paid’, which is enough to attract the driver's attention. The second is the explanation (‘An unpaid traffic ticket addressed to you or your vehicle has been identified in our system’) together with the supposed way to pay that penalty and avoid problems with Traffic: download a file, complete it and send it.
Objective: your bank details
The download link does not direct the user to the DGT, but leads to the download of a compressed file (.zip) that does not contain any fine: it is actually an executable file containing malware that will infect the device (computer, mobile phone, tablet…).
The Internet User Security Office (OSI), which has identified this latest phishing campaign, explains that it is a Trojan characterized by extracting banking information: “There are different variants, but among its most common functionalities it would allow actions such as manipulating windows, recording keystrokes and obtaining addresses from the victim’s browser.”
How to recognize a false ticket?
The truth is that it is not difficult to identify false DGT fines if you know how. These scams try to appear credible by imitating the form of an official document, but sometimes (as in this case) they do not even show the logos of the General Directorate of Traffic or the Ministry of the Interior: this is the first clue.
The second is the email address from which the alleged sanction is sent: it does not correspond to the official domain of the DGT. On this occasion it is ‘[email protected]’ which, obviously, does not correspond to that of the public body. By looking at this information we can tell whether we are a potential victim of cybercriminals.
The third point to look at is the text of the email itself because it normally includes grammatical and spelling errors and misspelled words, and often uses terms that the DGT never uses in its communications: “You must complete the form to resolve a traffic infraction (instead of traffic) that is in agents.”
The fourth and last key is the most relevant: it should be remembered that the DGT does not send fines by email, nor radar photos, and it never asks you to download any files. Not even when we are subscribed to the electronic notification system.
The General Directorate of Traffic sends sanctions by certified postal mail to the address of the offender or through the Electronic Road Directorate (DEV): with this system it sends a notification by e-mail or by text message to the mobile phone. These notices report that a sanction is waiting in the electronic mailbox, which can only be accessed after identification.
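The second and fourth clues above can be checked automatically when triaging a reported message. The following Python code is an added example, not part of the original article or of OSI's guidance; the allowlist of official domains (dgt.es, dgt.gob.es), the list of risky extensions and the sample message with its addresses are assumptions constructed for illustration.

```python
import email
import re
from email import policy
from email.utils import parseaddr

# Assumption: domains accepted as official DGT senders (not stated in the article).
OFFICIAL_DOMAINS = {"dgt.es", "dgt.gob.es"}
# Assumption: file types treated as a download or attachment risk.
RISKY_EXT = (".zip", ".exe", ".msi", ".js", ".vbs", ".scr")
LINK_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)

# Constructed sample modelled on the campaign described above (hypothetical addresses).
SAMPLE = (
    b"From: DGT <avisos@multas-example.test>\r\n"
    b"Subject: Fine not paid\r\n"
    b"Content-Type: text/plain; charset=utf-8\r\n"
    b"\r\n"
    b"An unpaid traffic ticket has been identified in our system.\r\n"
    b"Download the form: https://files.example.test/multa.zip\r\n"
)


def triage(raw: bytes) -> list[str]:
    """Return the warning signs found in one raw e-mail message."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []

    # Second clue: the sender's domain is not an official one (exact or subdomain match).
    addr = parseaddr(str(msg.get("From", "")))[1]
    domain = addr.rpartition("@")[2].lower()
    if not any(domain == d or domain.endswith("." + d) for d in OFFICIAL_DOMAINS):
        findings.append(f"sender domain not official: {domain or '(none)'}")

    # Fourth clue: the message links to, or carries, a file to download.
    body = msg.get_body(preferencelist=("plain", "html"))
    text = body.get_content() if body else ""
    for url in LINK_RE.findall(text):
        if url.split("?", 1)[0].lower().endswith(RISKY_EXT):
            findings.append(f"link downloads a file: {url}")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if name.endswith(RISKY_EXT):
            findings.append(f"risky attachment: {name}")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```

The visible From address can be forged, so a matching domain on its own does not prove that a message is genuine; an empty result only means that neither of these two clues fired.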
When it’s late
The Internet User Safety Office advises users who receive this email not to reply to it, to mark it as spam, to delete it and to run an updated antivirus to make sure there is no trace of the malware. What if it’s already late? If you have executed the file, you will need to follow these steps:
- Disconnect the computer from the network it is connected to, to prevent it from infecting other devices.
- Carry out a full scan of the device with an antivirus and then proceed with disinfection: in case of doubt, it is advisable to format the device to restore factory settings.
- Take screenshots and save both the email and any communications related to the matter to have evidence of the fraud: with them you can file a complaint with the State Security Forces and Bodies.
⚠️#OSInotice | Have you received an email mentioning that you have not paid a #penalty fee? Be careful! There is a campaign #phishing supplanting @DGTes in which the invoice is a #malware. #Safety notices
— OSI Security (@osiseguridad) January 31, 2023