Today, practically all banking entities have electronic applications to carry out so-called electronic banking operations. The veteran Caja Rural is one of them, and its electronic banking is called Ruralvía, which any employee, freelancer or company that is a customer of the bank can access. If this is your case and you use it, be careful with the following notice.
Phishing emails in Ruralvía
The experts of the INCIBE (National Institute of Cybersecurity) they have detected a campaign to send fraudulent phishing emails that try to impersonate the ruralvía financial institution (Caja Rural).
In the identified campaign, the email has as subject: “Email notifications about activities…:”. And in the body of the message, the user is asked to update their information about their professional and / or commercial activity, and that in case of not updating it, access will be limited to “Open line”.
According to INCIBE, this is how the scam works:
- By clicking on “Update information”, the link takes you to a supposed ruralvía page (Caja Rural), but in reality it is a fake website (web spoofing) whose only objective is to capture your data.
- After clicking on “ACCEPT”, the link takes you to a page that will request the following bank details: card number, expiration date and security code (CVV).
- After entering these data and clicking on “ACCEPT”, You go to a page that will ask for the signing key.
- Once the signature key has been entered and click on the “CONFIRM” button te will take you to a page that will request a verification key, which will be sent to the phone that had previously been entered.
- Once the personal data and the verification SMS code have been entered, It redirects you to the real Caja Rural page and your data will be in the hands of cybercriminals.
Remember that if you receive an email from a bank or other company, you should never access from the link that appears in the email. To do this, do it directly through the customer area.