As fraudulent SMS messages impersonating public institutions spread, experts warn that their growing sophistication is making them harder to detect. These scams are part of a broader rise in cyberattacks targeting Moroccan institutions and digital platforms. DR ‹ › Your phone buzzes with a new SMS: a message urging you to pay an overdue traffic fine. The sender appears legitimate, the wording official, and the sense of urgency pushes you to click the link before thinking it through. This type of phishing scam has recently targeted Moroccan users, with messages posing as institutions such as NARSA and the Ministry of Justice. In response, NARSA denied sending such messages, stressing that it does not offer any service allowing fine payments via SMS links and that the circulating websites are fraudulent. The Ministry of Justice issued a similar alert, warning that the messages falsely claim eligibility for fee exemptions while setting fictitious deadlines, and urging citizens not to click on such links or share personal or banking information. But these SMS scams are only one part of a broader wave of cyber threats currently targeting Morocco. Scammers exploit trust and urgency What makes these messages particularly dangerous is their credibility. «These attacks rely on manipulating the victim rather than directly targeting a system», explains cybersecurity specialist Samira Haddad. According to her, fraudsters exploit «trust, by using the name of an official institution, and urgency, through messages such as 'immediate payment required' or 'penalty'», a strategy made more effective by the growing sophistication of these scams. She explains that the messages are increasingly convincing, with links that closely resemble legitimate sites, well-written content, and sometimes even credible-looking sender names. Yet, she insists, there is always a detail that gives them away. «Ask yourself one simple question: was I really expecting this message?» she says, warning that unexpected messages should immediately raise suspicion. She also advises users to «never click under pressure», noting that fraudulent messages systematically create urgency through phrases like «unpaid fine», «account blocked», or «final notice», tactics not used by official institutions via SMS. Better safe than sorry The expert further recommends checking links carefully by verifying domain names such as «.gov.ma» or «.ma» and avoiding unusual or lengthy URLs. «Even a small difference can indicate fraud», she warns. Haddad also stresses that no legitimate authority will ever request sensitive information such as banking details or passwords via SMS links. Her final advice is simple: «If in doubt, do nothing, don't click, don't reply, don't share». Phishing attempts in Morocco are not limited to public institutions but also extend to the banking sector. Previous cases have involved fraudulent messages, phone calls, and fake surveys impersonating banks to trick users into sharing sensitive data. On this point, communications systems engineer Mohamed Abbaray told Yabiladi that verifying the source of SMS messages is essential. «Legitimate messages usually appear within the same thread or feed from your telecom operator, bank, or service provider», he explains. «If a message appears separately, outside the usual thread, that's a red flag». In such cases, he stresses a simple rule: «never click the link». Instead, users should contact the institution directly. «Contact your bank or service provider directly to check if the issue is real», he said, adding that the same applies to public institutions. Both experts stress the importance of awareness. «Digitalization inevitably comes with these types of attacks, which is why awareness is crucial», Abbaray noted, adding that «the weakest link in this chain is the user». Haddad also calls for stronger institutional efforts, including better monitoring of fraudulent sites, easier reporting mechanisms, and reinforced authentication systems to secure official platforms. Growing cyber threats Beyond these scams, a broader and more persistent wave of cyber threats is targeting Morocco. One of the most notable actors behind these attacks is the hacker group JabaRoot DZ, which since April 2025 has carried out a series of intrusions targeting key institutions, including the Ministry of Economic Inclusion, the National Social Security Fund (CNSS), and the Ministries of Employment and Justice, as well as other government bodies, leading to major leaks of personal data. The group has also targeted platforms such as Tawtik, the notarial system managed by the National Agency for Land Conservation (ANCFCC), allegedly leaking sensitive documents and data. One of its most recent alleged attacks was reported last week, when the group claimed a new intrusion targeting the National Fund of Social Welfare Organizations (CNOPS), with the alleged release of sensitive data on Telegram. Whether through sophisticated phishing SMS scams or organized cyberattacks, these incidents reinforce concerns over recurring vulnerabilities in public digital systems and highlight a growing exposure affecting both users and institutions.
