BBVA and Santander SMS scam: how it works and how you can avoid falling for this deception

We are going to explain to you how it works and how to avoid biting into the BBVA and Santander fraudulent SMS scam, the new campaign phishing through fraudulent messages that try to steal your bank details. It is a fairly well prepared campaign, since it is a message that creates an alert and sends you to a page very similar to the real ones of your bank.

We are going to start the article trying to explain to you in the most understandable way possible how this scam works. Because information is power, and understanding its operation will make it easier to identify and don’t fall into their trap. But as if this were not enough, then we will give you three basic tips to avoid falling for this or other scams that work the same.

How this scam works

This new SMS scam is a case of phishing, which literally means fishing. Cybercriminals have somehow obtained a database with telephone numbers of clients of these gangs, and they send them SMS en masse. It is as if they threw the cane, and the hook is to worry them with an imminent threat telling them that their account has been suspended.

The SMS may be different depending on each bank. The one they send to BBVA clients is the following:

“BBVA: Your account has been temporarily suspended for security reasons, follow the link to verify your identity: https: //ra0.cc/05re? Bbva.es.”

Meanwhile, some of the SMS that Santander customers are receiving say the following:

“Banco Santander: Your account has been temporarily suspended for security reasons, follow the link to verify your identity:” https://santander.seguridad-web-esp.xyz/4RwjPsoa2Ww9AGSUEitDTyk0ZZ/. “

What these messages do is create an alarm that makes you want current imminently, since they close your bank account is quite scary. Then, in the message they attach the address to a fraudulent page which is where your data is going to be stolen. You can tell right away that it is a strange web address, that is, cybercriminals try to add the name of the bank to the address to try to confuse you.

If you make the mistake of entering the address attached to the SMS, you will go to a scam page. This website is designed to look like the real page of your bank so that you do not realize the deception, and it is written that you enter your user data and the password to your account.

What cybercriminals want to do with these scam pages is get your data to log in with your account, and thus take control of your bank and try to steal money or do some other type of management posing as you. They play the distraction, because people who do not know too much about the Internet can click on the address of the SMS and think that it has led them to a real website.

How to avoid this scam

To avoid this scam you only need to know one thing, look at another, and take a specific precautionary measure. What you have to know is that your bank will never send you an SMS with links or asking for your passwords to access the account. At most, they will send you informational messages.

When you receive these types of messages, you should be wary of any website that does not use the bank’s URL. For example, the URL of BBVA is BBVA.es, and no matter how much there are other subdomains first, it will always always always end in bbva.es. If the address contains the name bbva or bbva.es but ends in a different way, such as bbva.es.engaño.xyz, that deception.xyz is the one that determines the website you are accessing, and thus you identify that it is fraudulent.

Here is a subsection, and that is you must know how to recognize the pages that cut links. If there is a / symbol in the address, everything after it belongs to the previous web. Returning to the example, if the website is deception.xyz / bbva.es, bbva.es will no longer be the main page, since it is after the /.

And the precaution you have to take is that, when you receive possible notices from your bank that include addresses, enter manually from the app or the bank’s official website. Come on, do not click in that address, but go to the browser and manually type the address of your bank to enter it. If the notification is real, it will also appear in the notification area of ​​the app or your bank’s website.