The Social Security Institute is warning about the circulation of “fraudulent messages” in the name of Social Security, which include a link to a false page similar to the Social Security Portal and which tries to convince victims that they have amounts in debt, pressuring them for immediate payments.
These messages usually appear via SMS, WhatsApp or other channels and present a tone of urgency, often with the threat of interest, additional costs or penalties, to get the victim to click and “resolve now” the supposed debt.
Social Security emphasizes that this is phishing, a technique used to obtain confidential data (or money) through deception, imitating official entities and legitimate pages.
How the scheme works and what are the warning signs
The pattern described in the alert is simple: the message points to a link that opens a page visually similar to the Social Security Portal, where the person is asked to enter personal data, bank details or make a payment.
The recommendation is straightforward: do not click on the link and do not provide any data if you receive a message of this type, even if it appears “official” or uses logos and institutional language.
Another reinforced point is that Social Security “never sends links” nor asks for bank details via SMS or messages, and that any IBAN/data update must only be done on the portal, after authentication.
What to do if you receive (or have already clicked)
If you receive the message, delete it and always confirm the information only through official channels (for example, manually accessing the portal, without using links received).
If you have already clicked, the most prudent thing is not to fill out forms, close the page and, if you have entered credentials, change the password and reinforce account security (ideally with additional authentication), in addition to monitoring bank transactions.
Authorities and digital literacy projects have also highlighted concrete examples of these messages circulating via WhatsApp and SMS, which reinforces the importance of being suspicious of urgent payment requests “in the name of the State”.
Portal will require two-factor authentication
In parallel, Social Security announced that access to NISS and password will now require two-factor authentication (2FA), being mandatory when the Digital Mobile Key is not used.
In practice, in addition to the password, a temporary code will be requested sent to a validated contact (mobile phone or email), a measure presented as aligned with good cybersecurity and data protection practices.
To activate, the published indication is to authenticate on the portal, follow the instructions to activate 2FA and confirm/update contacts, a step that, in addition to increasing security, helps to avoid interruptions in access when the obligation is fully in force.
Also read:
