Cybercriminals always attack looking for financial gain. Regardless of whether they are hijacking a company with a virus, or trying to trick users into revealing their online banking credentials. The latter is quite common in phishing-type threats, in which criminals impersonate a third party, such as a well-known company or a banking entityand use social engineering so that the Internet user inadvertently delivers their personal data: passwords, bank card number or access codes, among other things.
These types of scams, especially ones where criminals pose as banks, are quite common. Just a few days ago, the Civil Guard launched an alert through its social networks after detecting a new malicious campaign in which criminals sought to attack, specifically, users of the Santander Bank and of the BBVA. In this case, the criminals tried to deceive the Internet user through an email in which they were tricked, with the excuse of an unpaid bill, into downloading a type of virus capable of stealing their personal information.
Despite the fact that, in this case, the campaign is carried out by email, there are other cases in which criminals resort to other means, such as SMS, fake web pages or WhatsApp, to deceive the user. Below we share everything you must take into account so as not to fall into any of the traps that try to set you up.
The goal: worry
Indeed, bank scams can develop in several ways. Cybercriminals also resort to various pretexts in your messages. Over the years, we have seen cases in which the user is informed that a security problem has caused their account to have been blocked, we have also come across others in which they are told that they have an invoice to pay. The tweets collected below show some examples in which you can see the appearance of these scams.
you get a #sms ✉ supposedly from your bank saying that they have made a refund and that clicking on a link you will see it
You let yourself be carried away by emotion… et voilà! you have stung ????
They only want your data, do not click on links of unknown origin #Phishing #NOPICS pic.twitter.com/LWRWLnwu0X
– National Police (@police) May 26, 2021
2021 mail scam posing as BBVA
Be that as it may, the objective is always the same: to alert the Internet user so that they act quickly, without thinking twice, and click where they should not or end up sharing their access information to online banking or their credit card, simply, responding to the communication of the criminals.
There are even cases in which criminals go further and design fake pages, which are almost a carbon copy of the official ones of the entities they impersonate. Usually, incorporate the access links in the emails or SMS in which they start the scam and are usually aimed at convincing the user to fill in their details and deliver them. They have fields inside for it.
check the mail
To find out if it is a true communication, it is important to look at the domain from which the email is sent and see if it corresponds to the official who, supposedly, you have contacted. A communication from Banco Santander will always come from an official email of this entity.
Another thing that cyber-scams often have in common is spelling and writing errors. Likewise, there are cases in which the communication is carried out in a language that is different from that of the user, something that, depending on who the third party is, might not make any sense.
When in doubt, distrust
All cybersecurity experts recommend caution before interacting with any communication that apparently comes from a bank. One of them is José de la Cruz, technical director of the cybersecurity firm Trend Micro in Spain, who in conversation with this newspaper has made it clear on many occasions the importance of the user distrust by system.
“It is very important to use common sense. In the case of scams that try to steal the user’s bank account, it must be known that banks do not contact the client through emails or via SMS to ask for their credentials. It is something very rare. I would say that it does not happen with any entity, “says the expert.
In the event of the slightest doubt about the veracity of a communication, the Internet user must try to contact the entity that supposedly sent the message through a different channel. Either through a phone call or an email to an official bank account. You should never respond directly to the message that has been received and that causes doubts.