Do not trust SMS messages or calls that claim to come from BBVA or Santander: attackers exploit your existing message thread or your ID number to deceive you
Be careful with SMS messages from your bank. Typically, phishing attacks arrive by email and try to trick you into clicking where you shouldn't, but these attacks now go one step further with so-called 'smishing' and SMS spoofing.
These attacks are harder to spot because the fraudulent SMS messages arrive in the same thread as legitimate messages from your bank. Suddenly it seems that BBVA or Santander is notifying you through its normal SMS thread, apparently the same one where you receive genuine messages, of possible unauthorized access or that your account has been deactivated. To solve it, of course, you only have to click on a link, but be careful, because that link is the real danger.
Smishing and SMS Spoofing as new threats
The Bank of Spain itself has warned of this type of fraud, in which criminals impersonate banks to try to obtain the user's private data and information.
Banco Santander in fact has an information page about these social engineering attacks, also called smishing, which, as we mentioned, try to deceive us using SMS.
The attackers usually rely on well-known pretexts: you have won a prize, or a problem or threat has arisen in your account that you can solve directly. How? By clicking on the link that is usually included in the message.
Be very careful with the phishing that is circulating from BBVA
😱 the sms arrives in the same thread as your bbva messages
☠️ if you read it quickly and don’t look at the domain, they’ll bundle it up in minutes #phishing #phishingBBVA pic.twitter.com/KLnpK4h8S6
— MJ Cachón (@mjcachon) January 11, 2022
Wow, I got a supposed SMS from @BBVA without having an account in that bank, and that sends me to a Russian website. I feel safe #infosec #smishing #phishing pic.twitter.com/GnEFjp5YXm
– Óscar Urra (@o_urra) January 8, 2022
🚨 ALERT: new campaign of #phishing impersonates #BBVA via SMS 📲. Thanks to the journalist @CdelCastilloM for warning us all 😀 Extended info in our article: https://t.co/00R8DTn3M8 #cybersecurity #prevention #Recover data #RecuperaData #data recovery pic.twitter.com/EZSAiFN8tW
– Data Recovery (@recuperadata) January 4, 2022
Although I am not a client of @bbva @BBVAresponde_es @BBVA_espana I have received this phishing attempt @mossos @police @Civil Guard pic.twitter.com/JRXWGJar8W
– Miquel (@ Untitl3d86) January 5, 2022
@bbva sends me an SMS that someone has entered my account without authorization. How awful!!!!!
do not bite with him #phishing @movistar_es Luckily I don't have a bbva account pic.twitter.com/NIyNo3iBEv
— bugator (@bugator2) January 8, 2022
In recent weeks many users have warned, for example on Twitter, that messages claiming to be from banks such as BBVA or Santander are arriving with exactly this kind of text.
As can be seen in those messages, the links they include are usually suspicious from the outset, for example because they use domains from foreign countries (such as Russia, .ru), although others are more elaborate and use more credible domain names (such as the one that tries to make us click on bbva-movil-seguridad.net).
Cybercriminals are impersonating companies and sending fraudulent SMS. From BBVA we will not send you SMS with links, nor will we ask you for passwords or personal data. We recommend that you delete the message. All the best.
– BBVA (@bbva) January 3, 2022
BBVA has already stated on Twitter that "we will not send you SMS with links, nor will we ask you for passwords or personal data", and in fact it ended by saying that the best thing you could do with those messages was to delete them directly.
In the end, as Santander points out, it is important not to click on links to web pages that are sent to us via instant messaging or SMS. If we have doubts, we can open the browser or the official mobile app separately to access our account and check that everything is in order, or we can contact our bank by phone.
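The two warning signs described above (a link in an SMS that the bank says it never sends, and a bank name embedded in an unrelated domain such as bbva-movil-seguridad.net) can be checked mechanically. The following Python is an added example, not part of the original article; the allowlist of official domains and the sample messages are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption: official domains are not listed in the article; replace this
# allowlist with the domains your bank actually publishes.
OFFICIAL = {"bbva.es", "bancosantander.es"}
BRANDS = ("bbva", "santander")
URL_RE = re.compile(r"(?:https?://)?(?:[a-z0-9-]+\.)+[a-z]{2,}(?:/\S*)?", re.I)

def host_of(url):
    """Return the lower-cased hostname of a URL, with or without a scheme."""
    if "://" not in url:
        url = "http://" + url
    return (urlsplit(url).hostname or "").lower().rstrip(".")

def is_official(host):
    """True only for an official domain or a subdomain of one (label boundary)."""
    return any(host == d or host.endswith("." + d) for d in OFFICIAL)

def assess(sms):
    """Return [(host, [reasons])] for every link found in an SMS body."""
    findings = []
    for match in URL_RE.finditer(sms):
        host = host_of(match.group(0))
        reasons = ["bank SMS contains a link"]  # BBVA says it never sends links
        if not is_official(host):
            reasons.append("host is not under an official domain")
            if any(brand in host for brand in BRANDS):
                reasons.append("bank name embedded in an unrelated domain")
        findings.append((host, reasons))
    return findings

# Constructed sample messages (only the first domain appears in the article).
SAMPLES = [
    "BBVA: acceso no autorizado. Verifique en https://bbva-movil-seguridad.net/login",
    "Santander: cuenta desactivada, entre en bancosantander.es.example.ru/activar",
    "BBVA: su codigo de confirmacion es 123456",
]

if __name__ == "__main__":
    for sms in SAMPLES:
        print(sms, "->", assess(sms))
```

The suffix comparison is made on a label boundary, so a host that merely starts with an official domain (the second sample) is still treated as foreign.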
How is it possible that robbers have your ID or telephone number? That makes the deception more credible
On top of this, there is another serious problem: you may suddenly receive a call in which someone pretends to be an employee of Banco Santander or BBVA (or another bank).
NOT EVEN IF IT IS FROM THE BANK'S OWN DAMNED TELEPHONE. FUCK.
Let's see if there is someone who does not sting like that. Which is no longer fun like the so-called Microsoft. No lines. This is already another level. pic.twitter.com/zzsDvGcwwa
– JJ Merelo (@jjmerelo) January 11, 2022
The call would be easy to dismiss, except that the supposed employee has your name, your ID and your phone number. That, of course, makes anyone doubt, because that is data the bank we deal with usually does hold.
From there, the employee tells you, for example, that there has been a problem and that they are going to send you an SMS with a link to fix it. Or they ask for the code that the bank sends you to complete the process of fixing the problem. What do we do?
Again, nothing. Ignore the call and the message and, if in doubt, call our bank, which will surely tell us that this was a phishing attack and that there is no problem with our account.
How is it possible, then, that a cyber attacker has our name, ID and telephone number? It is very likely that they got them from massive data breaches like the one that occurred last year among Phone House customers.
In that breach, 113 GB of phone numbers, addresses and more were stolen, and now that and other data is perfect for cybercriminals to fine-tune these social engineering attacks and make them even more sophisticated. It happened recently with the fake messages from the courier company MRW, for example.
As we mentioned in the past, when faced with these calls, the important thing is not to do anything urgently. Roman Ramirez (@patowc), cybersecurity expert and organizer of the RootedCon event, explained that the important thing in a call of this type is that “people cool down and do nothing immediately”. Criminals try to manipulate our cognitive biases and convince us that we must act quickly and without thinking.
Yet that is precisely what we must not do. We must have common sense and not make any immediate decisions. As soon as we take a minute to analyze the problem, we will realize that this problem almost certainly does not exist. However, be careful with these scams, because they are certainly becoming more and more dangerous.
Via | EuropaPress
Reference-www.xataka.com