Phishing emails, smishing SMS, fake websites, fraudulent calls, external USB devices infected... Separately, any of these routes of attack can be very dangerous, but what happens if more than one is used in the same scam?
There is a new type of fraud that combines false SMS and fraudulent calls to steal bank details and access the victim's online banking.
Why use two routes of attack in the same scam?
In the fraudulent art of identity theft, the most important thing is to be as persuasive as possible. Cybercriminals know that the more complex the attack is, the more realistic it will appear to victim and the easier it will be for the victim to fall into the trap.
How do these kinds of scams work?
In the first phase, the user receives an SMS supposedly signed by CaixaBank encouraging them to click on a link. To make it less suspicious, cybercriminals are able to trick your device into putting their false message after the legitimate messages you have previously received from CaixaBank, in the same SMS thread.
Upon following the link, a false website appears that mimics CaixaBank's website requesting the user enter personal details such as their username, password and telephone number.
If the user sends the requested details, they receive a call from the cybercriminal, pretending to be a CaixaBank adviser. To make it even more complicated, the fake number that appears on the screen is very similar or even the same as a legitimate number of the bank.
If you want to know all the details of this attack, you will find a more detailed explanation in the CaixaBank blog.
How can you protect yourself from this fraud?
- Remember that neither CaixaBank nor any other legitimate service will ever ask you for your personal details, telephone number or secret access passwords. Don't share them with anyone.
It is advisable not to click directly on SMS links. It is better to access the information offered through the app itself or the website of the service.
Although this fraud is more elaborate because it combines two ways of attack to appear more legitimate, if you remember that CaixaBank will never ask you to enter personal details, passwords or telephone numbers, you will easily ascertain that it is a scam. Therefore, paying close attention and using common sense are and will always be your best allies.
If you detect suspicious transactions in your account or you have provided your details in what you think is a fraud campaign, contact your branch manager immediately or call 900 40 40 90.