Despite the Public Security Police (PSP) system not allowing the identification of the exact number of reports on this particular crime, an official source confirmed that they closely monitor the phenomenon, noting that victims typically only file complaints when the call results in actual fraud.
“Spoofing” involves falsifying an entity (email, phone number, website, or IP address, among others) to give an appearance of legitimacy and trust in the contact, aiming to deceive the victim, explained the same official source.
Cybercriminals impersonate banking entities, well-known companies, or public institutions to obtain personal data or credentials for criminal purposes, warns the PSP.
These scams can have severe consequences, ranging from stealing bank data to accessing private content on victims’ mobile phones, such as photos or contacts. In some cases, the scammers convince victims to make bank transfers, often with the promise of fictitious investments.
Consumer concern is also growing. Although without concrete numbers, Deco’s jurist Luís Pisco confirms that “many consumers seek information about this type of scam attempts.”
According to him, this type of fraud is an evolution of “phishing” practices, which now also employ voice calls (‘vishing’) or SMS (‘smishing’), using “spoofing” [number impersonation] to simulate trustworthy phone numbers.
Luís Pisco further notes that scammers “mask or falsify the phone number from which they send messages or make calls (“spoofing”), posing as reputable entities like the state, banks, public, and private service providers.
The PSP reinforces the importance of prevention, advising citizens to be wary of generic calls or messages, to avoid clicking on suspicious links, to not share phone numbers on social media, and to block unwanted calls.
Deco warns of the use of “social engineering techniques that exploit consumer naivety and digital illiteracy.” “They should hang up and verify the information conveyed (or sent via message). And never unnecessarily share personal data on social media, particularly sensitive data, as they are providing information for potential attacks,” cautions Luís Pisco.
Both entities recommend the reporting of all scam attempts, even if they have not caused any harm. However, Deco’s jurist emphasizes that current legislation “does not sufficiently protect consumers” and advocates for an urgent update requiring communication operators to implement more effective prevention and detection measures.
“The current legislation does not sufficiently protect consumers in these situations and urgently needs updating in terms of prevention, detection, and repression measures, from electronic communication service providers,” argues Deco’s jurist.
“Furthermore, there are already a set of technical solutions that can at least mitigate the effects of these attacks, which can and should be implemented,” he concludes.
