If the SEPE asks you in an SMS or an email to update your bank account, do not bite: it is a phishing to steal you

The SEPE or State Public Employment Service of Spain has alerted the public that in the last few hours a phishing has been circulating that passes itself off as this state body and that the objective is to steal data banks (to later steal money).

People receive an SMS, a WhatsApp or an email. It seems that the message varies, but the same link appears in all of them, which is the following: “https://sepe.es.6578653.top/”. According to the information provided by SEPE, the most common messages indicate an amount of money that you have to pay after a failed update of your bank details.


How they steal information

The link is recognized as a phishing attempt if you open it with your PC and a Firefox browser. From Mozilla they explain that “Firefox has blocked this page because it can trick you into doing something dangerous like installing software or revealing personal information such as passwords or credit cards.” For its part, Microsoft Edge has already been alerted and informs you that “Microsoft recommends that you not continue on this site. Microsoft has received information that it contains phishing threats that may attempt to steal personal or financial information.”

If you open it with your phone, which is the most common (because you receive an SMS or WhatsApp in many cases), it takes time to load in the browser. Even so, in this type of detected phishing attack, it is normal for the attackers to return to the attack after a while. The Manresa Police reported this and said that the following interface appeared to some citizens:


As you can see in the photo, you are asked to select your bank to update your account details. As options they give BBVA and Banco Santander (widely used in attacks in general), but you can also select the option “Other Banks”.

The SEPE reports that “it is important that you DO NOT click on that link, as it is a fraudulent campaign via SMS to get hold of your personal data” and asks you to remember that the SEPE does not will never ask for your personal data by SMS. In the alert created, it states that it can also be by WhatsApp or by mail as indicated above.