Agents of the National Police have detected an elaborate form of bank fraud that combines the use of false SMS – which simulate sent by the victim’s bank – and subsequent telephone calls from alleged employees of the entity to perfect the scam.
The modus operandi begins with the receipt of SMS in which the victim receives an alert, apparently from his financial institution, with the following text: “We have detected suspicious access attempts to your account. You must activate your web security system or your account will be blocked ”. The messages can have certain variations, but always include a link so that the victim can access their bank directly. However, this link actually leads to a false page where they ask for your banking and personal information, as well as the username and password to access your online banking and a contact telephone number. In addition, they warn their victims that they will receive a call to perform the appropriate security checks.
Once the data is in their possession, the cybercriminals call their victims posing as employees of their entity. In some cases, the call may show a legitimate bank phone number, although it is actually a “mask” that hides the phone number from which the call is actually made. In this call they inform the victim that there are suspicious movements in their account. To resolve this situation and reverse the alleged fraudulent operations, it requests the electronic signature keys with which it usually operates. While they speak, and to give more credibility to the deception, they can issue new SMS informing them of the supposed steps they are taking or simulate that they are transferring the calls to other departments. With this elaborate process, criminals get full access to their victims’ online banking and can make payments and transfers while maintaining communication with the scammed, from whom they request the necessary keys to authorize operations.
The first rule that we must not forget is that secret keys or personal data should never be provided through any channel. Financial entities can communicate with their clients if any verification is necessary, but in no case will they request secret keys, bank details or sign retrocessions of operations. In case of doubts about the authenticity of the call, it is better to hang up and be ourselves the ones who initiate a new communication with our bank through the contact number normally used.
In addition, we must be especially cautious with the SMS or emails we receive and pay attention to the links they may include, since in cases of fraud it never redirects to the official website of the bank. In addition, these SMS usually contain misspellings or meaningless phrases.
Another effective measure so that our data is not compromised is not to access online services that require the exchange of private information or carry out banking procedures from public devices or that are connected to public Wi-Fi networks.
If you receive an SMS these characteristics, it is very important not to provide any information or click on the links it contains or download attached files. The best option to preserve our security is to ignore it, eliminate it and in case of doubt contact the customer service of our bank.
Eddie is an Australian news reporter with over 9 years in the industry and has published on Forbes and tech crunch.