The new face of fraud: three new scams draining bank accounts

The methods used by hackers are becoming increasingly elaborate, which often leads people to fall into their trap: handing over personal details, account information and even usernames and passwords.

Cybercriminals have managed to take things a step further with tools that are increasingly adept at mimicking the bank with which customers usually operate on a daily basis.

Whereas previously customers were clear that they should not provide sensitive details in response to certain types of calls or messages, now this trap is presented as if it were the bank itself. Cybercriminals are even catching the banks off guard with tactics previously unheard of.

The scam is so advanced that some hackers and fraudulent platforms manage to infiltrate the list of text messages (SMS) received by a customer, as if they were the customer's regular bank. In other words, they appear in the list of messages that a user has already set up and trusts to be from their bank. Because, in theory, these are the messages that only their bank should be sending them.

They almost always message to warn of an 'imminent payment' that is about to be debited from the bank account, for an amount that is usually very high. This warning is already cause for concern for the customer, but it becomes an even more realistic warning when that charge comes from a company or platform they would usually use, such as a well-known hotel booking site or a budget flight app.

In this type of message, the scammers provide a phone number for the customer to call to clarify the situation. That is the trap you must avoid, it is a mobile phone number that has nothing to do with the company itself and which will likely lead to a call in which you are asked for all sorts of personal details so that they can take control of your account and carry out the scam.

Another of the new tricks used by fraudsters involves asking for a small favour that is commonplace among mobile phone users: an app update. This type of request is a common occurrence across all kinds of platforms, as they regularly update their services to incorporate new features.

The problem arises when this update is requested with motives very different from those the bank would normally have. The scam begins with an SMS text message and a fraudulent phone call alerting you to a suspicious transaction, a large transfer or an alleged security issue.

Using this excuse, the 'hacker' asks you to install another 'app' from the bank, which is actually fake, and may request unusual actions such as holding your card close to your mobile, allowing them to carry out transactions in your name and putting your own savings at risk.

To avoid this, only download official bank apps and avoid any suspicious links or downloads via call or text. Banks will never ask for a pin, CVV or any signature keys. And most importantly: never share personal details or login credentials for online banking or cards.

The third of the latest strategies employed by hackers involves impersonating an email address different from the one the user usually uses to communicate with their bank. This is designed to deceive long-standing customers.

The strategy involves sending an email that includes all the usual identifying features of the bank (the logo. brand name, font, the advertisements, etc.) to simulate a change of email address through which, from that point onwards, the bank will maintain communications with the customer. However, to do this, certain actions are required, such as requesting personal identification, passwords and everything else needed to carry out this change.

To make matters worse, the company asks the user to delete their previous email account and add the new email address to their 'trusted' folder.