Phishing emails, smishing SMS, fake websites, fraudulent calls, external USB devices infected... Separately, any of these routes of attack can be very dangerous, but what happens if more than one is used in the same scam?

There is a new type of fraud that combines false SMS and fraudulent calls to steal bank details and access the victim's online banking. 

Why use two routes of attack in the same scam?

In the fraudulent art of identity theft, the most important thing is to be as persuasive as possible. Cybercriminals know that the more complex the attack is, the more realistic it will appear to the victim and the easier it will be for the victim to fall into the trap.

How do these kinds of scams work?

In the first phase, the user receives an SMS supposedly from CaixaBank encouraging them to click on a link. To make it less suspicious, cybercriminals are able to trick your device into putting their false message after the legitimate messages you have previously received from CaixaBank, in the same SMS thread.

Upon following the link, a false website appears that mimics CaixaBank's website, requesting the user enter personal details such as their username, password and telephone number.

If the user sends the requested details, they receive a call from the cybercriminal, pretending to be a CaixaBank adviser. To make it even more complicated, the fake number that appears on the screen is very similar or even the same as a legitimate number of the bank. 

If you want to know all the details of this attack, you will find a more detailed explanation on the CaixaBank blog.

How can you protect yourself from this fraud?

  • Remember that neither CaixaBank nor any other legitimate service will ever ask you for your personal details, telephone number or secret access passwords. Don't share them with anyone.
  • You should never click on any links within text messages. It is better to access the information offered through the app itself or the website of the service. In CaixaBank, you can turn on notifications on your phone through the App to receive information reliably and securely.
  • Although this fraud is more elaborate because it combines two ways of attack to appear more legitimate, if you remember that CaixaBank will never ask you to enter personal details, passwords or telephone numbers, you will easily ascertain that it is a scam. Therefore, paying close attention and using common sense are and will always be your best allies. 
  • If you detect suspicious transactions in your account or you have provided your details in what you think is a fraud campaign, contact your branch manager immediately or call the helpline 24 hours a day at +34 938 87 25 25 / +34 900 40 40 90.