Digital scams do not give up in Spain and email continues to be one of its main gateways. Although many users believe they have identified them, attempts to phishing They are increasingly sophisticated and play with credible messages, careful designs and references to well-known companies and organizations.
In less than a day, two different emails arrived in my inbox with the same goal: to mislead me. We supplant Spotify with a fake pending payment notice and the other uses the name of Email to promote a purported job offer. Two recent examples of how these campaigns work in Spain.
A fake payment notice pretending to be Spotify
The first email appears as a billing notification with a seemingly routine tone. The message indicates that a recent payment could not be processed and prompts you to update data to avoid suspension of the service.
The first thing that arouses suspicion is that the message is in English, which is unusual in communications from Spotify with users in Spain, which are usually received in Spanish and with clear references to the account.
Examining the content a little more carefully reveals more common red flags in this type of scam. The sender is not using an official Spotify domain and the included link is to an external website which mimics the aesthetic of the platform, but is not owned by the company. There is also no personalized data about the account, subscription type or payment method used.
Urgency is another key element of the message. The warning of a possible service outage seeks to encourage the user to act quickly and click without verifying whether the notice is real. The ultimate goal is to take the victim to a fake page where they can enter their banking information or login details.
A supposed job at the Post Office “for life”
The second email is more elaborate and plays with a very effective claim: the promise of stable employment. Under the message “Build your future with Correos”, the e-mail talks about upcoming positions, job stability and the possibility of check whether the requirements are met through a test.
The design is neat and the language is convincing, but the content arouses suspicion again. The domain from which it is sent does not belong to Correos or any public entity and there are no clear references to official appeals, the BOE or real selective processes. Everything is based on generic and motivational messages, without concrete or verifiable data.
These types of campaigns are not always aimed at stealing money immediately. In many cases, the goal is to collect personal data and direct the user to so-called preparation or training services that involve subsequent payment.
Why these scams continue to work
Impersonation of well-known brands has become a common technique because generates automatic trust. Digital platforms and public bodies are part of the daily lives of millions of people in Spain, making it easier for a fraudulent email to pass the first filter without arousing suspicion.
Therefore, beyond eliminating these messages, it is essential to pay attention to details and be wary of any notice requesting personal data, generating an emergency or not clearly referring to an official site. In a context where digital scams continue to grow, identifying these signs remains the best defense.
How to detect these scams in seconds
Although they are becoming better designed, these types of frauds share patterns that should be clear. Here are the keys to knowing that it is a scam:
- Always check the sender’s actual domain, not just the display name.
- Be wary of any messages asking for personal or banking information via links.
- Be wary of emails that create urgency or fear.
- In public employment, the key reference is always the same: BOE and official website.
- If in doubt, navigate to the company’s real website manually and not from the email.
About The Author
