At first glance, it seems like just another traffic fine: an official-looking document, complete with the DGT logo, and a message urging the recipient to pay promptly. However, this is a trap. This fraudulent notice has been appearing on car windshields in Malaga, aiming to impersonate the General Directorate of Traffic (DGT) and steal sensitive bank information from unsuspecting drivers.

The Local Police and the City of Malaga have swiftly launched a public warning following the discovery of several cases this week. According to a recent announcement, these counterfeit documents utilize logos from the Ministry of Interior and DGT to project authenticity. The intent is clear: to mislead drivers into believing they have received genuine fines.

A Scam to Steal Bank Card Data

The mechanism of this deception is straightforward. The supposed fine incorporates a QR code. When scanned with a mobile device, it redirects the user to a fraudulent website designed to mimic the online DGT interface. Here, victims are prompted to enter their bank card information. Everything is crafted to appear legitimate, even including a “support chat” that uses official traffic agency imagery.

FALSE QR DGT MALAGA 2 Fine
This is how fines that have appeared in Malaga are viewed in recent days

The objective is evident: to capture the credit or debit card information from those who fall victim to this scam.

FULL FALL Capture 1
FULL FALL Capture 1
The fraudulent website: This is how they attempt to steal your data with a DGT appearance

However, the deception is not flawless. Some apparent inconsistencies might raise suspicion; for instance, the header incorrectly uses “boss” instead of “headquarters” and “apartadp” instead of “section.” Additionally, key elements of an authentic fine are notably absent, such as the agent number, vehicle details, or the location of the alleged infraction.

Nevertheless, the risk remains significant. Amidst the hustle and bustle of daily life, the urgency to remedy what seems to be a genuine issue may lead someone to scan the code and inadvertently enter their sensitive information without much thought.

Scams employing QR codes are not particularly new. This type of deception has its own name: Qrishing. Various organizations, including the National Institute of Cybersecurity (INCIBE), have been alerting the public to this kind of fraud. The unique aspect of this situation in Malaga is that it could easily extend to other cities if the fraudsters replicate the method with slight modifications.

Malaga legitimate fine
Malaga legitimate fine
An image of an authentic fine, featuring all official elements

The City Council has made available two contact numbers, 951 926 010 and 010, for citizens to consult any doubts or verify the legitimacy of a fine. Moreover, images of authentic sanctions have been shared to assist in distinguishing genuine notices from fraudulent ones.

Currently, there is no official indication of who is behind this scam. However, what is clear is that the fraudulent website remains active. The domain being used, dgtmultamalaga.sbs, is registered through Webnic, a low-cost Asian registrar, complicating efforts to track down the individual responsible or determine if the registration details have also been falsified.

In light of these developments, it is essential for the public to remain vigilant and informed. With the growing incidence of internet scams, awareness and caution can serve as effective safeguards against fraudulent schemes.



General News – 2