1. Emails or text messages impersonating Spain’s postal system (or other courier companies)
The pandemic has led to a dramatic rise in online shopping and unfortunately, scammers have been taking advantage of this by trying to pose as the Correos postal service or other courier companies. People may receive fake e-mails or text messages telling them where to track their orders or that it’s been cancelled until a €1.75 customs charge is paid, but instead, it redirects you to a page pretending to be Correos, designed to steal your data.
In other cases people have received messages pretending to be from one of these courier companies, asking them to pay a small fee to make sure the package arrives. When you go to pay the fee, the fake website steals your bank details.
One of the most serious of these types of scams is from scammers pretending to be from FedEx, who send you a text message telling you that your package couldn’t be delivered or to track it via an app. When the fake app is downloaded, the scammers can take control of your phone (if it’s an Android).
2. Supposed utility company salesperson knocking at your door
If someone claiming to belong to one of Spain’s utility companies shows up at your home without warning offering you an interesting new deal, you should keep your guard up, because this practice is prohibited by law. In fact, Spain’s national police suggests that before you open the door to them (if at all), you should call 091 to warn them of the scam.
The practice has been banned since 2018 and the real energy companies are aware of this and don’t send out staff to go door to door, so if someone turns up at your home claiming to be from Iberdrola, Endesa or another household names, don’t trust them.
3. Phone call claiming your bank account has been hacked
A new estafa (scam in Spanish) being used in Spain in 2022 sees scammers call you up, read out your ID number to make you believe they’re actually working for your bank and inform you that they’ve picked up on a fraudulent payment debited from your account.
They then suggest sending you a code via SMS which you will have to read out to them over the phone. Spanish banks don’t call to request that you tell them what verification codes you’ve received, so hang up the phone, don’t open the text message, check your account and if there is a problem deal with your bank directly in person. Most of these scammers currently claim to work for Spain’s two biggest banks, BBVA and Santander, although there is a similar scam where Caixabank customers are called to be informed that their account has been ‘blocked’.
4. The Bizum scam
With 12 million users in Spain, this mobile payment service is how many Spaniards choose to split the bill, pay over small amounts for services and even pay the rent.
As a result, scammers have seen an opportunity to swindle money out of Bizum users who use the app as a means of payment for their businesses. Estafadores (scammers) pose as customers and send out messages where they ask the seller or business to “authorise” a sum of money as payment.
People who get paid through Bizum do not receive a message asking them if they want to receive the money, they simply receive a message saying that it’s already been paid in. If they click on the scammer’s link that supposedly authorises the payment they won’t get paid but rather end up paying that sum to the scammer.
5. Fake e-mails from the Agencia Tributaria (Spanish Tax Agency) and other official bodies
This is a classic Spanish scam that always appears during tax season at the end of June. There are several variations of this scam, but in general cybercriminals pretend to be from the Spanish Tax Agency and send you an e-mail reminding you that you need to make a payment, that your account has been blocked or that you are due a refund. When you click on the link they send you, it takes you to a fake page to enter your data. From here, scammers can steal your personal details.
Another variation of this is that the e-mail asks you to download an attachment and when you do, it installs malware on your computer.
6. Vacation rental scams
As the summer season is approaching, the Guardia Civil are warning people about several vacation rental scams going on. These include advertising fake properties that don’t exist and taking people’s money without actually giving them the keys to the property. In order to avoid these scams, they are advising people to watch out for adverts that sound too good to be true, to check the reviews and number of people who have rented the property before, to ask to speak to the landlord on the phone and to not hand over any more without some guarantee.
¿Buscando online las #vacaciones2021 🏔🏩🌅 perfectas?
Cuidado con los chollos. Consulta referencias en Internet del hotel, apartamento, etc. #NoPiques ¡Sé cauto! proliferan los timos. Sigue los consejos @GDTGuardiaCivil📲#062 pic.twitter.com/qDdpnSoq7p
— José Antonio Herráez (@pepeherraez) June 22, 2021
7. Cryptocurreny scams
Cryptocurrency scams are becoming more and more common in Spain recently. One of the most common is a fake cryptocurrency ad using the face of a celebrity, while another is on Twitter where the scammers set up fake profiles of celebrities and try to get you to buy crypto. Often the ads will ask you to send Bitcoin or another crypto such as Ethereum to a wallet under the guise that they will send you back double.
Several elaborate pyramid schemes have also been set up to get you to buy fake cryptocurrencies. One of the biggest groups of cybercriminals trying to do this in Spain is Algorithms Group, a Bitcoin investment company based in London that has defrauded people for almost €280 million.
8. Discount coupons from supermarkets and big companies
Another classic scam being used in times of need is that of fake discount codes from popular companies. These spread quickly because cybercriminals often say that if you share the codes with your friends then you will get a greater discount. When you click on the fake link and enter your details, your identity is sent straight to the scammers. These have been seen via WhatsApp messages pretending to be the supermarket Mercadona. A similar scam attracts victims by pretending to run a prize draw to win a car.
There’s also a new scam where victims receive a text message claiming to be from Carrefour supermarket warning customers their discount card has been bloqued. When they click on the link it takes them to a website which mimics Carrefour’s and asks you to input your personal details, which they then proceed to steal. If you receive an SMS like this, bring it up with staff at your local Carrefour supermarket and don’t click on the link.
9. Phone company scams
There have been a rise in phone company scams recently, particularly from those pretending to be Vodafone, as reported by Antena3. The scammers try and hack your account by sending you an e-mail pretending to be from Vodafone. They tell you that you have an unpaid invoice and must pay it as soon as possible to avoid a fine. Clicking on the link that they provide you will download malware on your computer that will infect it with a virus and be able to steal your details.
10. Fake WhatsApp verification codes
WhatsApp account hijacking has become common and recently there has been a spike in these types of scams. Basically, what happens is that the cybercriminal configures WhatsApp on their phone using your phone number. As WhatsApp only allows one profile associated with each phone number, a verification code will be sent to make sure you want to do this. The scammer will then ask you to resend the code and if you do, they can take control of your account.
11. Amazon order confirmations
Because so many people use Amazon these days for online shopping, scammers have taken advantage. The way this scam works is that criminals send you an order confirmation pretending to be from Amazon. When you click on the link, you are taken to a fake page that asks for your log-in details. If you enter them then scammers may be able to access and buy things on your account, as well as steal all your personal details.
12. False information about Covid-19
Unfortunately, the pandemic has also brought out several people who want to take advantage of the difficult situation. This means that there are several Covid scams, where people pretend to be official bodies and send you notifications about border restrictions, vaccines or aid for companies. The messages either redirect you to a fake page to steal your details or send you an attachment to download, installing malware on your device. This could be through e-mail or messaging services such as WhatsApp.
13. Sim card cloning or swapping
Sim card cloning has been on the rise in recent years in Spain and it’s something that you need to watch out for, particularly if your mobile signal fails and you think there’s something wrong with your phone. Sometimes if you take your phone in to be repaired somewhere then your SIM card may be cloned or swapped. The criminal then typically gets hold of the victim’s bank account details. The other reason they do this is that a copy of the SIM is often need to break the two-factor authentication used by many lenders, who send an SMS to the client’s phone with a code before authorising a transaction.
14. Phishing via video conferences or online classes
Another one linked to the pandemic takes advantage of the fact that so many people have been doing things online, such as taking classes through the internet or doing video conferences. The objective of these scams is to steal Zoom account details. One of the ways it works is that you will receive an invitation to a Zoom meeting sending you a fake link where it asks for your details. In other instances, you may receive an e-mail asking you to join a meeting about terminating your employment contract. When you click on the link, it takes you to a fake page from where cybercriminals can steal your log-in details.
15. Phishing from streaming platforms
Other services that people have been using a lot during the pandemic are streaming services such as Netflix, Amazon Prime, HBO or Disney Plus. The objective of most of these scams is to try and steal your login details or credentials. The way in which they do this is often to get you to try and fill out a survey to lure you in with subscriptions for a lower price. Some of these have come from WhatsApp where they promise you free Netflix.
How do I make sure I don’t fall victim to these scams?
In almost most of these cases, cybercriminals are pretending to be official companies to try and steal your details. Basically, if you receive a message from a company and it looks suspicious or it says you’ve ordered something and you haven’t, then always check if the message has come from an official source. If links send you to other websites, always check these addresses to check if they are the official web addresses of these companies or not.
What do I do if I do fall victim to any of these?
If unfortunately, you do fall victim to any of these scams the first thing to do is monitor your phone bill to check if there are any payments to numbers or things you don’t recognise. Often, you will be signed up to a premium messaging service, which adds extra charges to your bill. If you see any of these, contact your phone company who should be able to help you unsubscribe.
If you have given away your bank details or card number, you need to contact your bank right away to let them know or to request a new bank card.
If you think that scammers or hackers may have gotten hold of your login details for certain services, make sure you change your passwords straight away to more secure ones.