Several users have reported the receipt of text messages or SMS in which they appear Banco Santander and BBVA and that respond to a fraud called ‘smishing’, with which cybercriminals seek to access confidential information of their victims.
As reported by some users through Twitter, they have received SMS messages informing that it has been unauthorized access to the bank account has been detected, which is why they must click on a link to fix it.
Other clients of these banks, on the other hand, have received an SMS in which they are alerted that they have tI have to close your bank account due to an update. To unblock it, they must follow a seemingly secure link that actually belongs to a Russian website. However, some users have noticed this problem because they have received messages from banks from which They are not clients nor do they have any type of account in their branches.
As a differential feature of this campaign, the fact that the Fraudulent SMS messages are included in the message thread used by legitimate entities to communicate with your customers, such as to authorize purchases, thanks to the use of malicious techniques that mask the real number.
Due to these complaints, since BBVA have reminded that they will not send SMS with links or request passwords or personal data this way. They have also recommended that customers delete these messages if they receive them.
For its part, Banco Santander has indicated that, in such situations, It is best to protect the sensitive data requested through these SMS and, in case of doubt, contact the sending company or administration through their official channels and addresses. In addition, it has pointed out that it is not advisable to click on the links of web pages that are sent via instant messaging or SMS. Instead and when in doubt, a specific page must be accessed directly through the browser or a search engine.
What is the ‘smishing’ method?
Despite the fact that, until recently, the most used method to steal personal data was ‘phishing’, through emails, smishing has become one of the most common today. Its name derives from the medium with which the attack is carried out, the SMS.
This fraud, which is also called ‘SMS Spoofing’ (identity theft by SMS), is carried out by sending a message in which it is communicated that the recipient has obtained a prize or that there is a problem with the data from your bank.
Unlike ‘phishing’, where most of the fraudulent emails are filtered through the spam folder e-mail attacks, ‘smishing’ are characterized by having a more sophisticated technique.
Instead of being blocked, these SMS messages they are added to the same thread of the legitimate messages of the bank to which the user belongs. Thus, if you have received prior notifications (for example, when you receive an authorization link in an online purchase process), they are shown below.
This communication includes information so that the user calls a certain telephone number to carry out a specific procedure or click on a link outside the bank. If you agree, cybercriminals will be able to obtain your personal data, such as your account number or your ID.
Ricardo is a renowned author and journalist, known for his exceptional writing on top-news stories. He currently works as a writer at the 247 News Agency, where he is known for his ability to deliver breaking news and insightful analysis on the most pressing issues of the day.
