Several users have reported receiving text messages (SMS) that appear to come from Banco Santander and BBVA and that are part of a fraud known as 'smishing', with which cybercriminals seek to access their victims' confidential information.
As some users have reported via Twitter, they are receiving SMS messages in which the entities supposedly report that unauthorized access to the bank account in question has been detected, and that to resolve it they must click on a link.
Other customers of these banks, on the other hand, have received an SMS alerting them that their bank account had to be closed due to an update.
To unlock it, they must follow a seemingly secure link that actually belongs to a Russian website.
However, some users have spotted the fraud because they received messages from banks of which they are not customers and with which they hold no account of any kind.
One distinguishing feature of this campaign is that the fraudulent SMS messages land in the same message thread that the legitimate entities use to communicate with their customers, for example to authorize purchases, thanks to the use of malicious techniques that mask the real number.
Be very careful with the phishing that is circulating from BBVA
😱 the sms arrives in the same thread as your bbva messages
— MJ Cachón (@mjcachon) January 11, 2022
In response to these complaints, BBVA has reminded customers that it will not send SMS messages with links, nor will it request passwords or personal data in this way. It has also recommended that customers delete these messages if they receive them.
For its part, Banco Santander has indicated that, in this type of situation, the most advisable thing is to protect the sensitive data requested through these SMS messages and, in case of doubt, to contact the sending company or administration through its official channels and addresses.
In addition, it has indicated that it is not advisable to click on links to web pages that are sent through instant messaging or SMS. Instead, and when in doubt, you should access the specific page directly through the browser or a search engine.
What is ‘smishing’?
Although, until recently, the most widely used method of stealing personal data was 'phishing' via email, 'smishing' has become one of the most common today. Its name derives from the medium through which the attack is carried out: SMS.
This fraud, which is also called 'SMS spoofing', is carried out by sending a message informing the recipient that they have won a prize or that there is a problem with their bank details.
Unlike 'phishing', where most fraudulent emails are filtered into the email spam folder, 'smishing' attacks are characterized by a more sophisticated technique.
Instead of being blocked, these SMS messages are added to the same thread as the legitimate messages from the user's bank. In this way, if the user has received previous notifications (for example, an authorization link during an online purchase), the fraudulent messages are shown below them.
The message tells the user to call a certain telephone number to carry out a specific transaction or to click on a link outside the bank. If the user complies, cybercriminals will be able to obtain their personal data, such as their account number or ID.
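The following is an added example, not code from the banks or from the original article. It groups messages by displayed sender ID, which is why a spoofed message lands in the bank's thread, and then applies the rule BBVA states above (no links, no requests for passwords) plus the call-back lure described here. The sender labels, sample messages, keyword list and function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample inbox: (displayed sender ID, text). Not real messages.
INBOX = [
    ("BBVA", "Your code to authorize the purchase of 25.00 EUR is 483920."),
    ("BBVA", "Unauthorized access detected. Verify at https://example.invalid/bbva"),
    ("SANTANDER", "Your account has been locked. Call 600 000 000 to unlock it."),
    ("Courier", "Your parcel arrives tomorrow."),
]
BANK_SENDERS = {"BBVA", "SANTANDER"}  # assumed sender labels for this example

URL_RE = re.compile(r"(?:https?://|www\.)\S+", re.I)
PHONE_RE = re.compile(r"(?:\+?\d[\s.-]?){9,}")  # 9+ digits, separators allowed
CRED_RE = re.compile(r"\b(password|pin|card number|id number)\b", re.I)

def thread_by_sender(inbox):
    """Group like an SMS app: by displayed sender ID only, which a
    spoofed message can copy, so thread membership proves nothing."""
    threads = defaultdict(list)
    for sender, text in inbox:
        threads[sender].append(text)
    return dict(threads)

def reasons(text):
    """Return which policy rules a message in a bank thread violates."""
    found = []
    if URL_RE.search(text):
        found.append("link")
    if PHONE_RE.search(text):
        found.append("callback-number")
    if CRED_RE.search(text):
        found.append("credential-request")
    return found

def flag_bank_threads(inbox):
    """Flag any message in a bank thread that breaks the stated policy."""
    flagged = []
    for sender, texts in thread_by_sender(inbox).items():
        if sender.upper() not in BANK_SENDERS:
            continue
        for text in texts:
            why = reasons(text)
            if why:
                flagged.append((sender, text, why))
    return flagged

if __name__ == "__main__":
    for sender, text, why in flag_bank_threads(INBOX):
        print(f"[{sender}] {', '.join(why)}: {text}")
```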
It is worth mentioning that the Bank of Spain has recently warned of this fraud and that it is carried out through different web pages and mobile applications. In addition, it has warned that the fraud can also be carried out through phone calls.
This phone spoofing (or 'caller ID spoofing') consists of making the caller ID display a phone number other than the one from which the call is actually being made.
Using this method, cybercriminals pose as employees of banks or their branches in order to get the victim to reveal confidential data.
Once the data has been obtained, the supposed employee warns that there has been a problem that the user must resolve by clicking on a link they will receive by SMS, or else the supposed bank sends a code that the customer must reveal to complete the process.