Phishing in the DGT: fake emails that report traffic tickets
Natàlia Homs
In recent days, a wave of false emails has been detected that impersonate the DGT, reporting an alleged fine for improperly parking in the amount of €35.99. This phishing campaign takes advantage of institutional prestige and urgency to deceive unwary citizens and achieve early payments.
What does the fraudulent email contain?
A message stating that the recipient has been fined for improper parking in a restricted area.
A request for immediate payment of €35.99, warning of a 50% surcharge and possible legal action if not made within 24 hours.
A link (or button) to make the payment by credit card, directed to a domain that does not belong to the DGT.
How to identify that the email is not from the DGT
The DGT publicly announces that it never sends notifications of fines by email or SMS unless the citizen is registered in its notification system (DEV).
The sender email addresses and the links included do not match the official DGT domains.
The message uses alarmist language: threats of surcharges, urgent payment, time pressure — common tactics in phishing and smishing.
Why these frauds are still effective
Fraudsters take advantage of the fact that many people are unaware of the actual procedure for reporting fines — postal letter, official DEV notification, or notice board announcements — to make an urgent email credible. They use fear of sanctions, fees or legal problems as a psychological hook. The greater the regulatory anxiety, the lower the verification of the legitimacy of the message; thus, they manage to get many victims to act by instinct and not by reflection.
These frauds also benefit from general ignorance about official domains, email authenticity checks, and the habit of clicking quickly without verifying the sender or link.
Recommendations from Apolo Cybersecurity
To protect yourself—and your environment—against these types of scams, we suggest:
Directly delete any email or SMS that indicates a fine linked to the DGT if you weren't expecting notification.
Never click on links in suspicious emails: check the official site manually if you have questions.
Verify that the notification is real through official channels: postal mail, notice board or the official DEV system.
Check the sender's URL: official domains end in dgt.es; any variation may indicate impersonation.
Use strong passwords and enable two-step authentication (2FA) on personal accounts, especially if they contain sensitive data.
Keep your operating system and security tools up to date to prevent the execution of malware if you ever opened a questionable link.
Train and make family members and acquaintances aware of these scams: reporting can prevent victims in your environment.
Report fraud to competent authorities and cybersecurity bodies to help stop its spread.
Protect yourself today against phishing and smishing scams
Don't let a fake email steal your information or your peace of mind. At Apolo Cybersecurity, we help you audit your digital security, strengthen your defenses, deploy good practices and train your team to detect fraud before it causes harm. Prevention is the best defense: act now and protect what really matters.
%402x.svg){kind=icon}
.webp)