If you are not a user of the Banco Santander entity, you do not have to worry about this news. But if you are, then you should be careful if you receive an email with the characteristics of the one we reproduce here. And it is that a campaign to send fraudulent text messages that impersonate banks such as Santander has been detected.
The objective? Directing the victim to a fake website to steal their access credentials and banking information, with the excuse that they have a new security service available for their clients that they must apply. The classic phishing scam, but one that continues to pay off for cybercriminals.
They will not close your account
From INCIBE, the Spanish National Cybersecurity Institute, has been detected in the last hours ora campaign to send fraudulent emails of the phishing type that try to supplant the financial institution Banco Santander. In the identified campaign, the email has as a subject:
‘Your account has been blocked for your security’
In the body of the message, the user is told that the alleged bank has made several attempts to physically contact the user, and that since they have not been able to, they send this notification by email, and that it is necessary to confirm the account information to unlock it.
What happens if you click on the link that the email brings? That leads you to an alleged page of Banco Santander, but in reality it is a false website (web spoofing) whose sole purpose is to capture your data. After entering the identification code and the access code, clicking on ‘Enter’ takes you to a page in which the user is asked for their signature.
No attachments or links
When entering the signature and clicking on ‘OK’, it will ask for the phone number. And once introduced, in addition you must enter the SMS password which was supposedly just sent to the phone number provided. Enter it or not, in any case “Cybercriminals will already have the bank account information in their possession provided in the previous steps.”
If you have received this email, delete it on the spot, and remember that as advised by INCIBE, if the email comes from a legitimate bank, “it will never contain links to your login page or attachments. “