To try to trick the customers of a financial institution, cybercriminals make use of their most effective weapon: social engineering. This consists of criminals psychologically manipulating victims to carry out certain actions, either by clicking on malicious links, downloading infected files or revealing confidential information.

In order for these attacks to succeed, criminals need bait, a compelling and attractive message that can generate interest and a sense of urgency for the victim. These messages are constantly renewed and adapted to current topics.

For example, since the start of the global pandemic, attacks with subjects related to coronavirus have intensified. Annual income tax returns also provide a perfect window for deception. Similarly, when the merger between CaixaBank and Bankia was announced, criminals began to use this to try to deceive their victims. As such, it is essential to always act with the utmost caution.

How do people fall for these scams?

  • Phishing emails
    To make customers trust fraudulent emails, cybercriminals often impersonate financial institutions by using social engineering. They persuade the victim to click on a malicious link that infects their computer, usually opening a fake page that mimics that of his or her bank, subsequently intercepting his or her user name and password for access to digital banking.
  • Smishing Messages
    This type of scam uses SMS or WhatsApp instant messaging to trick customers into providing their user names and passwords for digital banking, to infect their devices, or to call a number that charges by the minute, for example. As with phishing attacks, fraudsters may impersonate the bank to make customers believe that they have received an urgent payment claim, for example.
  • Vishing calls
    Posing as bank managers, cybercriminals telephone customers to tell them about an interesting product, a problem with their account or any number of other potential issues. Seeking always to create a sense of trust, the scammers urge the victim to provide confidential information in order to carry out fraudulent operations on their behalf.

How can we protect ourselves?

  • Check any message for its coherence:
    When you receive a new message, regardless of the channel in comes through, always assess its coherence before taking any other action: "Does it make sense for my bank, this person or any other company to send me this message?" Unexpected gifts and urgent requests should always be considered suspicious, especially when the subject line is particularly topical.
  • Consider who the sender is:
    When you receive a new e-mail, before opening any attachments or links, it is essential to analyse the sender's email address in detail and not just trust the name of the sender or the signature at the bottom of the message.
  • Check the links:
    To ensure that any links are legitimate, check where they lead before opening them. If the links are in an email, you can pass the cursor over the link without clicking on it to preview the website address. If possible, type the web address of the site directly into the browser and avoid clicking on the link.
  • Never reveal passwords:
    Neither CaixaBank nor any other legitimate company or institution asks its customers to disclose passwords for digital banking or online services. You should never share your passwords with anyone.
  • Still suspicious?
    If you have doubts about the legitimacy of a message, whether it comes from a work colleague, a friend or a company, it is always advisable to contact the sender via another channel (by telephone, for example) to confirm.

Use common sense: the best defence against social engineering

If you receive a message with an urgent subject line that encourages you to open an attachment or click on a link, you should be suspicious and contact the relevant entity first to confirm that the request is legitimate.

Digital scams only work if the victims allow themselves to be fooled and perform the action the criminal wants, something very difficult to achieve if precautions are taken and the recommended security measures are applied.

For this reason, constant learning and common sense are the best tools to ensure a more secure digital life.