“Your checking account has been blocked.” “We have detected unusual movements in your app.” “Currently, you cannot use your card; you must activate the new security system.” Who has never received an SMS from their bank with a similar message?
The reality is that no matter how alarmist the message is, almost certainly neither the account, the app, nor the card has any problem… unless the user follows the instructions in the message.
This is one of the tricks cybercriminals use to steal money from their victims: sending you a worrying message, pretending to be your bank, so that you share your data.
But how exactly does this scam work, and what tricks are there to avoid phishing and not fall for it?
How Does ‘Phishing’ Work?
Phishing consists of impersonating a company so that its victims share their personal information, such as card numbers or online banking passwords. The goal is to steal the victim’s money. And this technique is the order of the day.
To some, this classic scam may seem too obvious. Many users are so used to receiving fraudulent SMS or emails that they no longer find it difficult to spot them. So why do cybercriminals keep using this method? Because we keep biting. And even the most seasoned consumers can end up falling for it. Last year, the Spanish Computer Crime Observatory recorded 267,011 computer frauds, including bank and card fraud.
False messages from the Post Office, the Treasury
But it is not only banks that are in danger of being impersonated. Cybercriminals use increasingly sophisticated SMS and emails to pose as streaming platforms, courier companies such as Correos or even institutions such as the Tax Agency.
Many consumers have probably received an SMS or an email from the Post Office asking them to pay the customs fees for a package they are supposedly due to receive. It’s false.
Through these messages, cybercriminals seek to trick their victims into clicking on a link that points to a fraudulent web page, one that pretends to be that of a legitimate company, so that they provide their personal information or make a payment. Do not click on those links.
Consumers should understand that their bank will never ask them for their passwords through a link received by SMS or email.
These fraudulent pages are built so that the victim believes they are on the website of their bank, the Administration, etc. They use the real organization’s logos and copy the text of the original website to confuse victims, who end up handing over their data.
But cybercriminals always leave clues that can help detect that it is a scam.
Tricks to detect a ‘phishing’ attack
If the SMS or email is full of misspellings or appears to be translated from another language, it’s probably fake.
Be suspicious if the sender is unknown or uses free domains like Gmail or Hotmail. Banks and large companies often use their own domains. For example, if a customer receives an email from her bank, the domain will include the bank’s name.
In the case of SMS, it is more complicated because sometimes cybercriminals can sneak their fraudulent messages into the real text message thread of the company they are impersonating.
If the message invites you to take urgent action, such as updating personal data or sharing sensitive information, and uses an alarmist tone, watch out.
Before clicking on a link, check where it points to. “The criminals tend to mislead by using addresses very similar to those of the original websites in which only the order of the words or some letter varies,” says Mezcua from HelpMyCash.
Not all phishing attacks arrive by email. The internet is full of pages that impersonate the websites of banking entities, and we can land on them without realizing it.
In fact, if we write the name of a financial institution in a search engine, some fraudulent websites will likely appear in the first positions. Therefore, when entering a page, it is important to check that the URL is correct and is not a copy of the original.
Likewise, if the website looks half finished, if many links do not work, or if, wherever we click, we always end up at a form to enter our data, we are probably facing a phishing attack.
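The sender-domain and link checks described above can be automated, for example in a mail or SMS filter. The following Python sketch is an added example, not part of the original article; the bank domain `mybank-online.example` is a hypothetical placeholder, and the two-letter threshold and the last-two-labels domain split are simplifying assumptions.

```python
from urllib.parse import urlsplit

# Constructed sample data (assumptions, not from the article).
LEGIT_DOMAINS = {"mybank-online.example"}   # hypothetical bank domain
FREE_MAIL = {"gmail.com", "hotmail.com"}    # free providers named in the article


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: number of single-letter edits between a and b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registered_domain(host: str) -> str:
    # Simplification: keep the last two labels. Production code should
    # consult the Public Suffix List (e.g. for "co.uk"-style suffixes).
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def classify_domain(domain: str) -> str:
    if domain in LEGIT_DOMAINS:
        return "legitimate"
    words = sorted(domain.replace("-", ".").split("."))
    for legit in LEGIT_DOMAINS:
        if words == sorted(legit.replace("-", ".").split(".")):
            return "lookalike-word-order"      # same words, different order
        if edit_distance(domain, legit) <= 2:
            return "lookalike-letters"         # only a letter or two differs
    return "unrelated"


def check_link(url: str) -> str:
    if "://" not in url:            # SMS links often omit the scheme
        url = "http://" + url
    return classify_domain(registered_domain(urlsplit(url).hostname or ""))


def check_sender(address: str) -> str:
    domain = address.rsplit("@", 1)[-1].strip("<> ").lower()
    if domain in FREE_MAIL:
        return "free-mail"
    return classify_domain(registered_domain(domain))
```

A result of "unrelated" only means the domain does not resemble a known one; it does not mean the message is safe.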