Cybercriminals never stop and are always looking for new ways to defraud people, or rehash old ones which have worked in the past. Now, Spain's National Cybersecurity Institute is warning of a new attempt at ‘smishing’, where criminals send text messages (SMS) purporting to be from Bankinter or BBVA banks. The Institute says similar messages may appear to come from other banks, as well.
Smishing is similar to ‘phishing’: the criminals are trying to obtain personal information such as passwords, credit card numbers, bank account details and other sensitive and confidential information which they will use to commit fraud or theft.
This is not the first time they have used the name of Bankinter and BBVA, but on this occasion the experts have identified different messages. These messages normally say that unusual access has been detected on your online banking account, or your card has been blocked, and they want you to click on a link to sort the problem out.
The links lead to a website that looks like the bank’s, but once the customer puts their access details in the criminals can get into their account and use it. They also have all the personal and bank details of the person affected.
The Cybersecurity Institute says anyone who receives an SMS of this type should ignore or delete it, and never click on the link or download any application.
If someone does click on the link and put their bank account access details in, it is best to change the password for the online banking immediately, and contact the bank to inform them of what has happened. Also, take a screenshot of any messages and save emails etc as evidence when you report the matter.
To avoid becoming a victim of these frauds:
• Never open links in text messages from unknown users; delete the messages immediately.
• Never respond to a text message of this type.
• Be very cautious about opening links or downloading attachments from emails, messaging apps and social media, even from known contacts.
• Make sure your operative system and apps are always up-to-date.
• Check the URL of the website. If there is no safety certificate or it does not coincide with the website, never provide any personal or bank information.
• If in doubt, contact the company or service directly to check, or report it to the police or the Cybersecurity Helpline.