The National Cybersecurity Institute (Incibe) has warned, through its website, of the discovery of new security campaigns smishing through which a group of cybercriminals intends to take over your personal and banking data. To do this, and as is common in this type of attack, those responsible for the scam pose as a reputable institution or a trusted company with the aim of robbing you without raising any suspicion.
On this occasion, and as usual, they have chosen banks. Despite the fact that this time they impersonated BBVA, they could send similar messages impersonating any other bank. For the same reason, and if you receive a message like the one that we are going to analyze below, we recommend that you do not follow its instructions and that you throw it directly in the trash to avoid problems.
This is how scammers work
In the first place, those responsible for the attack send you an SMS that can vary depending on who sends it to you in order not to raise any kind of suspicion. To date, the Incibe has detected a total of five:
- “BBVA: Your account has been temporarily blocked for security reasons. To reactivate it, log in from the link:…”.
- “INFO: A new unauthorized access is connected to your online banking. If the device is not recognized, check immediately:…”.
- “A new unauthorized access is connected to your bank. If the device is not recognized, check immediately:…”.
- “INFO: Dear customer, activity has been detected in your online banking, we ask you to access our website safely:…”.
- “BBVA INFO: We have detected unusual activity on your account, and for security reasons it has been temporarily blocked. Check your details at …”.
Different message models that have the same purpose: click on the link that appears below. If you follow their instructions, you will be redirected to a website that tries to impersonate the official website of BBVA. As usual, scammers will ask you to provide your personal data in order to gain control of your account and attack you without raising suspicions. Among other things, they will ask you for your ID number and the password to access the account.
Tips not to fall into the trap: these are the steps to follow
And how can we protect ourselves against this type of fraud? BBVA recommends that we do not provide personal or banking information on those web pages that we have accessed from a link included in an SMS. On the other hand, the company asks us to carefully review the links contained in the SMS in question and to observe if it includes strange words or characters.
On the other hand, BBVA reminds its customers that single-use codes are secret and that they will never ask for them by email, call or SMS: “These codes are only requested in the bank’s official applications and in specific processes that require it “. For the same reason, and to avoid being the victim of any type of attack, distrust all those alarming messages or those that have an urgent tone.