Do not trust the SMS or calls that come from BBVA or Santander: attacks take advantage of the thread of those messages or your ID to deceive you

Be careful with SMS messages from your bank. Phishing attacks typically arrive by email and try to trick you into clicking where you shouldn’t, but now these attacks go one step further with so-called ‘smishing’ and SMS spoofing.

These attacks are trickier because they make SMS messages arrive in the same thread as legitimate messages from your bank: suddenly it seems that BBVA or Santander is notifying you through its normal SMS thread, apparently the same one where you receive genuine messages, of possible unauthorized access or that your account has been deactivated. To solve it, of course, you only have to click on a link, but be careful, because that link is the real danger.

Smishing and SMS Spoofing as new threats

The Bank of Spain itself has warned of this type of fraud with which criminals impersonate banks to try to access data and private information of the user.

Banco Santander in fact has an information page about these social engineering attacks, also called smishing, which, as we mentioned, try to deceive us using SMS.

The attackers usually use well-known pretexts: you have won a prize, or a problem or threat has arisen in your account that you can resolve directly. How? By clicking on the link that is usually included in the message.

Many users have warned in recent weeks, for example on Twitter, that messages from banks such as BBVA or Santander arrive with precisely those kinds of texts.


As can be seen in those messages, the links they include are often suspicious from the outset because they use, for example, domains from foreign countries (such as Russia, .ru), although others are more elaborate and use more credible domain names (such as the one that tries to make us click on bbva-movil-seguridad.net).

BBVA already stated on Twitter that “we will not send you SMS with links, nor will we ask you for passwords or personal data”, and in fact ended up saying that the best thing you can do with those messages is to delete them directly.

In the end, as Santander indicates, it is important not to click on links to web pages that are sent to us via instant messaging or SMS. If we have doubts, we can open the browser or the official mobile app separately to access our account and check that everything is in order, and we can also contact our bank by phone.
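The link traits described above can be checked mechanically, for example in a message filter. The following is an added example, not code from the article or from either bank: it judges the links rather than the sender name, since spoofed messages land in the bank's own thread. The allowlist of official domains, the function names and the sample messages are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumed allowlist of official registrable domains per brand; replace it
# with the list your bank publishes.
OFFICIAL = {"bbva": {"bbva.es", "bbva.com"},
            "santander": {"bancosantander.es", "santander.com"}}
ALL_OFFICIAL = set().union(*OFFICIAL.values())
URL_RE = re.compile(r"(?:https?://)?(?:[a-z0-9-]+\.)+[a-z]{2,}(?:/\S*)?", re.I)

def registrable(host):
    # Naive: keeps the last two labels. Use the Public Suffix List for
    # suffixes with more than one label (e.g. co.uk).
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def assess_sms(sender, text):
    """Return [(url, reasons)] for each link in an SMS displayed under `sender`."""
    # The sender name can be spoofed, so it only tells us which thread the
    # message lands in, never that the message is genuine.
    brand = next((b for b in OFFICIAL if b in sender.lower()), None)
    findings = []
    for match in URL_RE.finditer(text):
        url = match.group(0).rstrip(".,;)")
        host = urlsplit(url if "://" in url else "//" + url).hostname or ""
        domain = registrable(host)
        reasons = []
        if brand:
            # BBVA states that it does not send SMS with links at all.
            reasons.append("link in bank SMS thread")
        if domain not in ALL_OFFICIAL:
            if any(b in host for b in OFFICIAL):
                reasons.append("brand name in non-official domain: " + domain)
            elif brand:
                reasons.append("unrelated domain: " + domain)
        findings.append((url, reasons))
    return findings

def is_suspicious(sender, text):
    return any(reasons for _, reasons in assess_sms(sender, text))

# Constructed sample messages (not real traffic).
LOOKALIKE = "Su cuenta ha sido desactivada. Verifique en https://bbva-movil-seguridad.net/login"
FOREIGN = "Acceso no autorizado, confirme en http://seguro-cliente.example.ru/a"
CODE_ONLY = "BBVA: su codigo de verificacion es 123456"

if __name__ == "__main__":
    for sender, text in (("BBVA", LOOKALIKE), ("Santander", FOREIGN), ("BBVA", CODE_ONLY)):
        print(sender, is_suspicious(sender, text), assess_sms(sender, text))
```

A link to an official domain is still reported when it arrives in a bank thread, which matches BBVA's statement that it sends no SMS links.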

How is it possible that robbers have your ID or telephone number? That makes the deception more credible

Beyond this problem, there is another significant one: you may suddenly receive a call in which someone pretends to be an employee of Banco Santander or BBVA (or another bank).


This would be easy to dismiss, except that the supposed employee has your name, your ID and your phone number. That, of course, makes anyone doubt, because that is exactly the data that the bank we deal with usually holds.


From there, the employee tells you, for instance, that there has been a problem and that they are going to send you an SMS with a link to fix it. Or they ask for the code that the bank sends you to complete the process of fixing the problem. What do we do?

Again, nothing. Ignore the call and the message and, if in doubt, call our bank, which will surely tell us that this was a phishing attack and that there is no problem with our account.

How is it possible then that a cyber attacker has our name, ID and telephone number? It is very likely that they got them from massive data breaches like the one that occurred last year among Phone House customers.

In that breach, 113 GB of phone numbers, addresses and more were stolen, and now that and other data are perfect for cybercriminals to fine-tune these social engineering attacks and make them even more sophisticated. It happened recently with the fake messages from the courier company MRW, for example.


As we mentioned in the past, when faced with these calls, the important thing is not to do anything urgently. Roman Ramirez (@patowc), cybersecurity expert and organizer of the RootedCon event, explained that the important thing in a call of this type is that “people cool down and do nothing immediately”. Criminals try to manipulate our cognitive biases and convince us that we must act quickly and without thinking.

Yet that is precisely what we must not do. We must have common sense and not make any immediate decisions. As soon as we take a minute to analyze the problem, we will realize that this problem almost certainly does not exist. However, be careful with these scams, because they are certainly becoming more and more dangerous.

Via | EuropaPress



Reference-www.xataka.com