Fake SNS Debt Text Messages Targeting Portuguese Residents: How to Spot and Report the Scam

The Portugal Public Security Police (PSP) has escalated warnings about a sophisticated SMS fraud campaign impersonating the Ministry of Health and the National Health Service (SNS), aimed at extracting personal banking information and cash from unsuspecting residents. The criminal operation, known as "smishing," has intensified throughout late 2024 and into 2025, prompting repeat alerts from law enforcement and cybersecurity agencies across the country.

Why This Matters:

• The Ministry of Health never sends SMS demanding payments or bank references—any such message is fraudulent

• Victims who click malicious links or pay fake debts risk identity theft and direct financial loss

• SNS 24 services remain entirely free—no legitimate health authority will request card details or urgent transfers

• Anyone who already responded should preserve all evidence and file a report with PSP immediately

Anatomy of the Health Service Scam

Fraudsters deploy two primary variants in this wave. The first claims unpaid emergency room fees and provides a counterfeit Multibanco reference, pressing recipients to settle supposed arrears before an arbitrary deadline. The second version embeds a malicious hyperlink disguised as an account-update portal, designed to harvest login credentials, tax numbers, and payment card data the moment a user enters them.

Both formats exploit "spoofing" technology to mimic official sender IDs, making messages appear as though they originate from recognizable government short-codes. The Portugal Shared Services of the Ministry of Health (SPMS) has confirmed that neither the ministry nor any SNS entity uses text messages to request financial settlements or sensitive data, yet the scam continues to ensnare individuals unfamiliar with official communication protocols.

The Center for National Cybersecurity (CNCS) notes that artificial intelligence is now streamlining these attacks, enabling criminals to auto-generate convincing language that mirrors bureaucratic tone and even adapts to regional dialects within Portugal. This leap in sophistication has made visual inspection alone insufficient; residents must verify through independent channels before responding to any unsolicited health-service message.

What Fraudsters Are After

The criminal objective extends beyond immediate cash. By capturing Social Security numbers, tax identification codes, and online-banking passwords, operators can execute secondary fraud—opening credit lines, filing false reimbursement claims, or reselling credential bundles on dark-web marketplaces. The PSP cybercrime unit has logged a surge in reports since late 2024, particularly targeting older adults and recent immigrants who may be less familiar with digital-government practices.

The Judicial Police (PJ) Technology Crime Unit is coordinating investigations, as many server infrastructures hosting the fake portals are traced to jurisdictions outside the European Union. The scale of this threat across Europe is significant, with SMS-based fraud schemes accounting for a substantial portion of successful scams and median losses often reaching hundreds of euros per incident.

How to Recognize a Fraudulent Message

Legitimate correspondence from Portugal's health authorities arrives through registered postal mail for billing matters or via the official sns24.gov.pt web portal for account notifications. Genuine SNS messages never include:

• Clickable shortened URLs or unfamiliar domains

• Requests for immediate wire transfers or Multibanco references

• Urgent language implying service suspension or legal penalties

• Spelling errors, awkward phrasing, or generic greetings like "Dear User"

Even if a sender ID reads "SNS 24" or "Min-Saude," treat any payment demand as fraudulent until independently confirmed by calling 808 24 24 24—the official, toll-free SNS 24 helpline. Do not use contact details embedded in the suspicious message itself.

What This Means for Residents

If you receive a purported health-service debt notice by SMS, delete it without clicking any link. Block the sender number and forward a screenshot to csirt@spms.min-saude.pt, the SPMS cybersecurity incident mailbox. The PSP recommends formal complaints through local stations or the online portal at psp.pt, particularly if you already disclosed information or transferred funds.

Victims who entered banking credentials should contact their financial institution immediately to freeze accounts and reverse unauthorized transactions. Portuguese banks are required under EU Payment Services Directive rules to investigate fraud claims within ten business days, though outcomes depend on how swiftly the alert is raised.

For those who paid via Multibanco reference, recovery prospects diminish rapidly—funds typically clear within 24 hours and may be laundered through layered accounts. Prompt police reporting improves traceability, and the National Cybersecurity Center collaborates with payment processors to flag suspicious reference codes in real time.

Regulatory and Industry Response

The Portuguese Consumer Defense Association (DECO) has criticized existing telecommunications law as inadequate, arguing that mobile carriers bear minimal liability for enabling spoofed sender IDs. Several European nations, including Spain, are implementing stricter requirements for SMS identifier registration, measures anticipated to reduce cross-border smishing significantly. DECO is lobbying the Portugal Communications Regulatory Authority (ANACOM) to adopt parallel measures to strengthen protections for Portuguese residents.

Meanwhile, the SPMS has activated enhanced monitoring on its official domains, deploying automated takedown requests when copycat sites surface. The agency processed over 150 fraudulent-domain reports in recent months alone, though new URLs emerge as quickly as old ones are suspended.

Law enforcement faces jurisdictional challenges: many scam operations route through virtual private servers in Eastern Europe or Asia, complicating evidence collection and extradition. The PJ Cybercrime Unit participates in Europol task forces and has secured several arrests in joint operations, yet convictions remain rare due to anonymization tools and cryptocurrency payment trails.

Practical Steps to Stay Protected

Bookmark sns24.gov.pt and access your health records only through that verified address.

Enable two-factor authentication on government portals that support it, reducing the impact of stolen passwords.

Install call-screening apps that flag known scam numbers—several Portugal-focused databases exist.

Educate elderly relatives and non-native speakers who may lack familiarity with official procedures.

Report every suspicious message, even if you did not fall victim—aggregate data helps authorities map criminal networks.

The Portugal Ministry of Health reiterates that all SNS 24 consultations, emergency triage, and administrative inquiries remain free of charge. Any demand for payment by text message is, without exception, a criminal attempt. When in doubt, hang up, delete, and verify through official channels before taking any action.