A new electronic fraud attempt is currently underway, with scammers sending deceptive SMS messages related to Fuel Pass, aimed at stealing personal data and banking codes from citizens. The messages are sent from 12-digit numbers from the Philippines, such as +639508929041, appearing as alleged “official notifications from gov.gr for Fuel Pass.” Recipients are told they are entitled to financial assistance through the supposed “Fuel Pass III” and are urged to activate their card immediately via a link.
The fraudulent message includes a link that leads to a fake website mimicking the official gov.gr platform, designed to steal sensitive data such as bank account details and personal information from citizens. The SMS also creates time pressure, telling recipients that failure to activate immediately will result in loss of the subsidy.
This is the scam SMS
“Official Notification gov.gr – Fuel Pass III
You are entitled to fuel financial assistance through the Fuel Pass III program.
For the amount to be credited to your account, immediate activation of your card is required on the official platform gov.gr: https://service-vouchers.cc/fuelpass
Important: Failure to activate within the deadline will result in cancellation of the subsidy.
If the above link doesn’t work, reply with “Y” to receive a new activation link.
Hellenic Republic – Ministry of Finance”.
What citizens should watch out for regarding SMS scams
Citizens should never click on the specific link and should not enter or share their personal details. It is emphasized that public agencies do not send SMS messages asking citizens to click on links to submit applications, confirm details, or enter personal or banking data.
The National Cybersecurity Authority of the Ministry of Digital Governance and Artificial Intelligence reminds citizens of useful guidelines for enhancing security and privacy. Phishing constitutes deceptive action against internet users, where the sender impersonates a trusted entity, organization, or person calling on the message recipient to follow given instructions.
These instructions may ask the recipient to follow an electronic link or provide their data, such as sensitive private information, passwords, identity or passport details, bank account, bank card, and others.
Here are some practical tips for protection against this type of attack (phishing attacks):
- You should never give personal information (e.g., Taxisnet passwords, e-Banking, card numbers/PINs, access codes, usernames) to supposed intermediaries, law firms, accountants, or other scammers for alleged services (e.g., regarding state subsidies, Power/Fuel/Tourism for All, or other cases like room rentals, etc.).
- You should access through the official website of the agency, organization, or bank or through the mobile app and not through links from messages or emails you received, search engines, or other websites.
- If you received a suspicious email, before acting you should contact your colleagues or the supposed sender to verify authenticity.
- You should carefully check the sender’s address. Phishing-type messages often have sender addresses unrelated to who supposedly sent them.
- You should examine the type of information requested. Even if the message you received appears authentic, it’s unlikely that any agency, bank, or company would communicate via email to ask for personal details, bank or credit card information, or other personal or sensitive data.
- You should be cautious if the message creates a sense of urgency. Attackers often try to apply pressure using this tactic.
- You should also be cautious about tax refund or benefit grant messages.
A thorough grammar and spelling check is effective as typographical errors and poor grammar are often characteristics of phishing-type messages.
There are several security solutions and malware countermeasures (antispamming) that include functions for recognizing and rejecting malicious messages.
