The different scams and social engineering scams They are always evolving and trying to come up with new formulas so that victims fall into their networks. Relying primarily on the deception of phishing and the false sense of security by believing it is a legitimate sender, cybercriminals manage to get away with it.
This time, they go a step further and they pose as a security alert from your bankwhen what they really want to do is steal your banking credentials and steal them from you.
SMS with false alert for purchase of 986.45 euros
For a few months now, a series of identity theft communications via SMS has been intercepted, known as smishing. On this occasion, apparently it is our bank that sends us a security alert related to a purchase of a high amount and a link where we can supposedly cancel its processing.
«Purchase accepted for an amount of 986.45 euros. If it was not you, follow the steps in this link to cancel it (link)»
The amount, we do not know very well why, is exactly 986.45 euros and cases of a multitude of banks that they pose as, mainly Caixabank, Bankinter or Abanca (as in the case of our capture).
If it happens that you do not have a checking account at the bank that is supposed to alert you, you will probably quickly realize that it is a scam. However, if your bank agrees with this notice, the panic that almost 1,000 euros has been stolen can make you act recklessly and click on the link. In that case, you will actually be accessing a very similar-looking page where scammers they will try to do it with our username and password to access online banking.
Avoid these scams and what to do if you have been a victim
The Internet User Safety Office has a series of guidelines to follow to act when receiving messages of this type via text message, email or any other support.
Do not open messages from unknown users or that you have not requested, delete them directly. Do not answer these SMS in any case. Be careful when following links, even if they are from known contacts. Check the URL of the web page. If there is no certificate, or if it does not correspond to the site we access, do not provide any type of personal information: username, password, bank details, etc. In case of doubt, consult directly with the entity involved or with trusted third parties, such as the State Security Forces and Bodies (FCSE) and Incibe’s Internet User Security Office (OSI).
Likewise, banks also offer a series of guidelines to try to raise the level of security:
Close all applications or programs before accessing your website. Type the URL of the entity directly in the browser, instead of reaching it through links available from third-party pages, in emails or SMS. Remember that a bank never notifies incidents of your account via email or SMS, including a link to your website in the message. If you prefer to use the bank’s app for the different procedures, make sure you download the official app. Protect your accounts. Use strong passwords and double verification systems, whenever possible, as it will allow you to add an extra layer of protection. Do not access the online banking service from public, unreliable devices or devices that are connected to public Wi-Fi networks.
