These cases of phishing via SMS, or smishingby its more technical name, are becoming more frequent every day, taking into account that fast messaging mailboxes lack filtering elements of the same level as email, which can cause many of these suspicious messages to arrive directly in the inbox of spam.
Vodafone fraudulent SMS alert
The red operator has a cybersecurity team that ensures the safety of Vodafone customers, but they also issue warnings to the bulk of the population through communications on social networks.
🚨 𝗔𝗟𝗘𝗥𝗧𝗔 𝗣𝗛𝗜𝗦𝗛𝗜𝗡𝗚 🚨
Vodafone’s cybersecurity team has reported the massive sending of this fraudulent SMS. They pretend to be a bank and say that your card has been limited.
✋ If it arrives, do not enter the URL
👮 If in doubt, call your bank pic.twitter.com/YRKPWJdWGW
– Vodafone Spain (@vodafone_es) August 3, 2022
Now they have exposed a new massive sending of a fraudulent SMS posing as a bank, specifically the BBVA bank. Under the excuse and panic that running out of means of payment may cause, the message says that your card has been temporarily limited for security reasons, an argument that could be perfectly valid if you had stolen bank details.
And that is precisely what they do if you follow the link in the SMS. On this occasion, the link has not been worked on much, since it belongs to a customer-service.info domain that you could hardly confuse with BBVA Online Banking and it is not even masked within a link shortener or similar tool. This is the main thing to suspect if you receive a similar SMS from supposed banks, messaging companies, mobile operators or any other type of impersonation: check the URL to see if it is official.
The other remarkable fact of these SMS is that they perfectly impersonate the name of the sender, without a phone number appearing in its place. This makes it more difficult to distinguish the real ones from the fraudulent ones and, faced with the panic generated by the card blocking situation and the apparent valid sender, click on the link without verifying it.
Waiting for the Google security system
A few days ago we told you that Google is testing a solution that focuses on SMS verification to screen real ones from those that imply some kind of impersonation.
This new system will be key to being able to identify those SMS that we receive that may be dangerous for our security or that of our mobile device. When we receive a message from a company that registers with Google, Google converts the message into an unreadable authenticity code and compare this code with others that the same company has sent. If they match, then Google will verify that the message is from a secure source.