Security
  • Security
  • Avoid the new traps used by cybercriminals

Cybercriminals know that users are most vulnerable to their attacks during times of change and transformation. With the onset of the global pandemic, for example, they took advantage of the fear caused by the public health emergency, and used the coronavirus as bait for their cyberattacks

With the merger between CaixaBank and Bankia, the millions of customers must be more alert than ever to possible scams targeting them, since there are an increasing amount of attacks that impersonate CaixaBank and Bankia.

The messages used by cybercriminals are evolving, as they tailor them to the current merger process and to customers' day-to-day lives. The transition from Bankia's old online banking system to the CaixaBankNow app is now the main bait for their scam messages.

How can you identify these attacks?

These scams can use multiple routes of attack, even combining more than one to try to gain the victim's confidence. Whether by means of emails, fake SMS or fraudulent calls, cybercriminals usually always try to create the feeling of urgency with the victim with highly relevant arguments. They invite you to click on an illegitimate link in order for the victim to enter confidential details on a false website or to download malware. Once the user enters their details, they will be in the hands of the cybercriminal, who can use them to steal their identity to, for example, try to access their online banking. 

 

These attacks can also look very different: with a mistake in the text, or without a single spelling mistake; with fake CaixaBank and Bankia logos, or the real ones copied from legitimate websites. But don't fall into the trap of believing that scam messages always have poor spelling or look strange. Cybercriminals continue to improvise and create messages that are increasingly difficult to spot. 

How can you avoid them?

Users must learn to carefully analyse all communications they receive before opening any link or attached document or disclosing information to third parties by any means, following these key points:

The golden rule to avoid falling for this type of scam

Log in to CaixaBank Now only from the official app or via www.caixabank.es.

Remember that neither CaixaBank nor any other legitimate company or institution will ask its customers to disclose their login passwords for their online banking or online services. You must never share your passwords, your personal details or your phone number with anyone.

If it is an urgent message, stop: think twice

Cyberattacks usually inform users, via SMS or fake emails (smishing and phishing, respectively), that their bank accounts have been blocked. This is something that causes great concern for the user and may cause them to click or disclose information without considering whether the message makes sense

So before doing anything, think: Does it make sense for my bank, this person or any other company to send me this message?

Is the sender who they say they are?

The body of the message, the subject, the signature, the logos, etc., can all be easily manipulated in a phishing email to impersonate any person or institution, such as CaixaBank. Even the sender, the address from which the email is sent, can be manipulated and display a very similar address or even the same as the bank's actual address. 

The same is true for fake SMS. Both the text of the message and the phone number that appears on the screen can be manipulated and show one that is very similar or the same as the legitimate telephone number. 

So the first thing you should do is carefully check the sender's email address or number to rule out any possible manipulation.

Watch where you click

To ensure that links are legitimate, check where they lead before opening them.  If they are in an SMS, the safest option is to access the information offered through the app itself or the website of the service.

Clear up any doubts

If you cannot be 100% sure of the legitimacy of a message, whether it comes from a friend, a colleague or a company, before clicking on links or annexes, it is always advisable to contact the sender via another official channel (by telephone, for example) to confirm the authenticity. This way you can determine if the message received is genuine or not.

And if you detect suspicious transactions in your account or you have provided your details in what you think is a fraud campaign, contact your branch manager immediately or call the customer service helpline 24 hours a day at 93 887 25 25/900 40 40 90 or +34 938 87 25 25 if you are abroad.

Don't forget: Only log in to CaixaBankNow from the official app or via www.caixabank.es. CaixaBank will never ask you for personal or bank details or your phone number by email or SMS.