Spain’s OSI warns of scam offering CaixaBank, Santander and BBVA customers €431 reimbursement

JE British and US special forces are INSIDE Ukraine claim leaked docs

British and US special forces INSIDE Ukraine claim leaked docs. Credit: CeltStudio/

Spain’s Internet User Security Office (OSI) warned of a new scam offering to reimburse CaixaBank, Santander and BBVA customers with €431.

The Internet User Security Office (OSI) warned this week about a new scam it has detected in Spain. It is a smishing campaign that impersonates La Moncloa and various banking entities, including Santander, BBVA, CaixaBank and Bankia.

This latest scam uses the technique of social engineering to send users an SMS message which is designed to encourage its recipients to click on a link that accompanies their message.

Once clicked, it redirects then to a fraudulent page that impersonates the La Moncloa website. In turn, the latter redirects the victim to various malicious banking pages that can steal the account access credentials of that person.

The OSI reported that: “in the SMS message the victim is informed that if they have not yet received the annual tax refund for the dates 2022-2023, they can claim their refund of €431.78 through the link provided. The SMS detected maintains the correct wording, although it presents some spelling mistakes. It should be noted that it is sent from a private telephone number, without official identification”.

If the affected party clicks on the link, they will be directed to a malicious website with a design similar to the legitimate one. At this point, they will be informed that two emails have been sent asking them to complete the refund procedure before the URL expires, as reported by this Saturday, April 8.

A message is displayed asking the user to ‘Accept La Moncloa’s Terms and Conditions’, despite the fact that there is no link to read said terms and conditions.

The OSI pointed out that: “web pages that impersonate banking entities will show a login window to request the account credentials, and a loading process will be maintained that never ends or accesses any banking portal”. In the event that the user enters their credentials, they must understand that the cybercriminals will have access to their bank account.


Thank you for taking the time to read this article. Do remember to come back and check The Euro Weekly News website for all your up-to-date local and international news stories and remember, you can also follow us on Facebook and Instagram.

Written by

Chris King

Originally from Wales, Chris spent years on the Costa del Sol before moving to the Algarve where he is a web reporter for The Euro Weekly News covering international and Spanish national news. Got a news story you want to share? Then get in touch at