AlertInformes

Phone threat report for Spain (second quarter of 2026)

Quarterly summary of the most active phone fraud campaigns in Spain, with data from NoCall and official reporting channels.

N
By Equipo NoCall
NoCall Editorial
May 31, 20268 min read
Phone threat report for Spain (second quarter of 2026)
#amenazas telefónicas#informe trimestral#suplantación bancaria#smishing#vishing

This report covers the most active phone fraud campaigns in Spain during the second quarter of 2026. It is compiled by the NoCall team from community reports and official alerts from bodies such as INCIBE, the AEAT (Spanish tax agency) and Correos (the postal service). The aim is simple: to let you know what is going around and how to defend yourself.

This is a recurring report. Every quarter we publish an overview of the landscape so that you can follow how the threats evolve without having to track down a hundred sources. Here we focus on the qualitative side: the mechanisms, the impersonated sectors and the signals that keep coming up. The specific, up-to-date figures live on our live data pages, which we link to throughout the text.

Which campaigns have dominated this quarter?

Three families of fraud account for most of the activity we see in the community: bank impersonation, parcel-delivery scams and fake tech support. They are nothing new, but they remain the most profitable for whoever launches them, which is why they are recycled quarter after quarter with minor variations.

Bank impersonation combines SMS and calls. A message arrives that looks like it is from your bank, warning of a suspicious charge or telling you that you need to "reactivate your account", followed by a call from a supposed agent of the fraud department who pressures you into "securing" your money. The message often slips into the same SMS thread as legitimate texts from your bank, because the sender ID can be spoofed. If you want to understand the full mechanism, we go into it in how to check whether a call or SMS from your bank is genuine.

Parcel-delivery scams follow the "held parcel" script. You receive an SMS saying your delivery is on hold because of a small outstanding fee, and it takes you to a fake payment page. The amount is deliberately tiny: what they are after is not the euro or so, but your card details for later fraud. Correos has said it bluntly: it never sends payment links by SMS. You have the detailed analysis in parcel-delivery scams and fake Correos SMS.

Fake tech support comes by phone call. Someone claims to be a Microsoft or Apple technician, warns you of a problem with your device and asks you to install a remote-control tool such as AnyDesk or TeamViewer. Once inside, they get into your online banking and your files. INCIBE has been repeating the same warning for years because the tactic works on anyone who is not familiar with it.

Which sectors are being impersonated most?

The underlying pattern does not change: scammers disguise themselves as brands and institutions you already trust. The more everyday and serious the sender seems, the more the victim lets their guard down. These are the sectors that appear most in community reports and official alerts this quarter.

Impersonated sectorTypical hookOfficial verification channel
BankingUnauthorised charge, "reactivate account"The bank's official app or website, the phone number on the back of your card
Parcel delivery (Correos)Held parcel, outstanding feecorreos.es and the official app; never payment links by SMS
Tax office / Social Security"New notification", refund, urgent debtThe AEAT electronic office using Cl@ve; seg-social.es
Tech support (Microsoft/Apple)"Your device is infected", install remote controlThe manufacturer's official channels; they never call you first
Family members (AI voice)Emergency, "Mum, I need help"Hang up and call the relative yourself on their usual number

Tax office and Social Security impersonation ramps up during tax-return and notification seasons. The email or SMS mentions a "new notification" or a pending refund and pushes you to a link that mimics the official office. The rule is the same as ever: neither the AEAT nor Social Security asks you for confidential data by SMS or email. Always go in yourself, typing the address in, and authenticate with Cl@ve. We explain it step by step in how to verify a notification from the tax office or Social Security.

Which technical tactics do we see behind these campaigns?

This quarter's campaigns rely on a handful of techniques worth knowing about, because they are what makes the deception believable.

  • AI-cloned voice. With just a few seconds of audio lifted from social media, scammers generate a relative's voice to set up the classic "I've got a problem, send me money". INCIBE has documented real cases in Spain. We analyse it in AI-cloned voice in phone scams.
  • Quishing. QR codes and links inside SMS messages that lead to data-capture pages, taking advantage of the fact that a QR code does not show where it points. More detail in quishing: QR codes and links in SMS.
  • SIM swapping. The attacker gets a duplicate of your SIM in order to intercept the verification codes you receive by SMS. It is usually preceded by a data-gathering phase via vishing or smishing. We show you how to protect yourself in SIM swapping: SIM duplication and how to protect yourself.
  • Flash calls and ping calls. Extremely brief calls that hang up instantly, used to verify numbers or to get you to call back a premium-rate number. We break it down in flash calls and ping calls.

Behind many of these operations are organised structures that work like call centres. If you are interested in understanding how they work on the inside, we tell the story in how a fraudulent call centre works on the inside.

What does the community data tell us?

NoCall is fuelled by the reports people send in. Every time someone flags a number as spam, leaves a comment or categorises a call, that signal feeds the picture you see in the directory. We do not publish frozen figures here because they change daily; instead we point you to the pages where you can check the up-to-date data at any time.

  • The breakdown by threat type, the volume of reports and the weekly trend are in phone spam trends.
  • The list of the numbers most reported by the community is in spam numbers.
  • If a call comes from a landline, you can pinpoint the area by its area code in area codes.
  • To see which operator a number belongs to and how many flagged numbers it has built up, check operators.

If you want a broader picture of the phenomenon, we have two complementary reads: the X-ray of phone spam in Spain and the analysis of operators with the most spam numbers in Spain. And if mobiles are your thing, take a look at the most reported mobile prefixes in Spain.

A note on methodology: when we give a figure, we draw it from verified community reports, not from estimates. You can see how we work in methodology.

How do you protect yourself this season?

The defence has not changed as much as the campaigns have. Most of these frauds are neutralised with three simple reflexes, and it is worth going over them each quarter.

ReflexWhat to doWhy it works
Verify on your ownHang up and contact the organisation yourself through its usual channelThe number you see can be spoofed; the one you dial cannot
Don't install or pay under pressureNo legitimate technician or bank asks you for remote control or urgent paymentsHaste is the scammer's tool, not the real service's
Block and reportBlock the number and report it on NoCallYour report protects the next person who gets that same call

For blocking in practice, you have the device-by-device guides: blocking spam calls on iPhone and, for Android, blocking by manufacturer, which varies depending on each brand's skin. If you run a landline or a company switchboard, take a look at blocking numbers on a landline and small-business switchboard.

Two situations deserve separate attention. If you get a call from an international number you are not expecting, before calling back read what to do about a call from an unknown international number; often the goal is to get you to call a high-cost number. And if you have older relatives, they are the favourite target for voice cloning and fake support: share with them how to protect older people from phone scams.

What if you don't know whether a number can be trusted?

When in doubt, don't improvise: learn to read the clues. A number that hangs up instantly, that comes at odd hours or that matches a sector being impersonated this season brings together several risk signals at once. We explain how to interpret them in how to read a number's risk signals. And remember the official channel: in the face of any fraud, you can call INCIBE's 017 line (also available on WhatsApp), free and with wide opening hours, which gives guidance on smishing, vishing and fraudulent links.

In summary

The second quarter of 2026 has followed the familiar pattern: bank impersonation by SMS and call, parcel delivery with the "held parcel" story, and fake tech support asking for remote control, all of it increasingly leaning on AI-cloned voice, quishing and SIM swapping. You don't need to be tech-savvy to defend yourself. It is enough to verify on your own, not act under pressure and block anything suspicious.

And this is where the community comes in. Every call you report on spam numbers sharpens the system for everyone else. If you have been hit by one of these campaigns this quarter, report it: it is the most direct way to keep the next person from falling for it. You can follow the pulse of the threats in trends and go through the rest of the guides on the blog.

Received a suspicious call?

Look up the number in NoCall before sharing data, calling back, or clicking any link.

Search a phone number or a company name (Bank of America, Verizon and AT&T...) to check if it has been reported as spam.