The WhatsApp of 20 years ago, text messages or SMS seemed doomed to disappear forever in the reality of smartphones and messaging applications. But lo and behold, they have found a second life, and are widely used today to, for example, receive delivery notices from a courier agency, digital payment checks, or messages from your bank.
But what if those SMS from your bank are not true?
Smishing with BBVA
INCIBE (National Institute of Cybersecurity) He has detected “a campaign to send fraudulent SMS, smishing, that try to impersonate BBVA “. The detected SMS reports that the account has been deactivated and request that the employer or worker “click on a shortened link to verify information “, pure social engineering without a doubt, to see if it sneaks.
In the malicious campaign that impersonates BBVA, the message is the following – such as:
“We regret to inform you that your account has been deactivated. For your security we ask you to complete the following verification”.
The message then provides a external link that redirects to the fraudulent website that imitates that of the bank BBVA, where they request the user access data -the NIF and the access code that you use on the BBVA website if you are a client.
The link redirects to the fraudulent website where the user access data is requested. If the online banking access data is entered, “eOn the next screen your card details will be requested “.
They will never ask for your data this way
Once the card details have been provided, cybercriminals request the phone number. In the last step, a supposed key received by SMS is requested. And after entering the supposed password, after a confirmation screen, it redirects the user to the legitimate BBVA website.
Once the data has been entered, they will be in the possession of cybercriminals, and they may carry out fraudulent actions with them. If you have provided them with all your information, contact your entity as soon as possible.
And we do not get tired of repeating it, because it is always good to remember it: A company, bank or service It will NEVER ask you for private data, much less passwords in this way, by email or SMS message.
And if you are not sure, contact customer service directly – in this case the banks involved despite yourself – and ask. You will see how they respond that those messages are not theirs.