The Bank of Spain has warned of a type of fraud, known as 'spoofing', in which criminals use SMS and known bank numbers to impersonate the banks and access private user information.
'Spoofing’ joins 'smishing' as yet another scam some bank customers are exposed to. Smishing is when fraudsters send an SMS pretending to be the user's bank with the aim of stealing private information or making an economic charge, usually attaching a link to a fraudulent page in the message.
The Bank of Spain warns that cybercriminals are using "more sophisticated techniques" in that they not only pretend to be someone they are not, but also imitate the bank’s usual contact channels.
As a result, it is possible that a spoof SMS appears in the same section "where other real SMS had previously arrived" as if from the bank itself and it is also possible that the mobile phone number from which the message is sent is replaced with an alphanumeric text that appears to be the bank’s name.
"This technique, known as 'SMS spoofing', is carried out through various web pages and mobile applications that allow SMS to be sent from an unknown source, supplanting a known identity with relative ease," the Bank of Spain said.
Spoof calls that appear to be from the bank can also be made by fraudsters.
For SMS, some mobiles incorporate 'spam' detectors and block this type of message. The Bank of Spain also warns that a real bank would never ask for passwords over the phone or by SMS.