Although the modus operandi of the scammers drinks from other scams seen previously, in this case they add an extra that could be definitive for the victim to fall fully into the scam. For this reason, we believe it is convenient to review the basic tips to avoid falling into it.
What is this new scam about?
We have already said that the methods used by cybercriminals are not technically new, although it does seem somewhat newer mix two scam methodologies only one. And they take advantage of smishing (usurping the identity of an entity by SMS) and vishing (usurping identity by phone call).
🚩8 arrested in #Madrid, #Saragossa, #Valencia Y #Ourense for defrauding almost €3,000,000 posing as banking entities
They used techniques #smishing Y #vishing to illegitimately access victims’ bank accounts via SMS and phone calls pic.twitter.com/NNdXLB6kVt
— National Police (@police) October 11, 2022
First, the victim receives a message alerting them to a suspicious access to their bank account. In this, a link is added that, supposedly, leads to an official page of the bank in which certain data must be entered to ensure the security of the account. Far from being real, it is a page created by scammers in order to obtain the key data with which to access the victim’s account.
As if this were not enough, the Police warn that the scammers also they make calls pretending to be the bank to give greater truth to the matter. Identical data is requested in these calls, always with the excuse of protecting the victim’s account, the real objective being quite the opposite.
What is really dangerous is that techniques are used with which they are capable of being identified by mobile phones as the bank. Therefore, the victim has that false sense of security and is facing a real problem with her bank. However, the consequences can be serious.
According to reports the police, eight members of the band who were performing in cities such as Madrid, Valencia, Zaragoza and Orense have been arrested. Nevertheless, the operation is still opensince there are several members left unstopped and therefore the scam could still be active.
Basic tips to avoid falling into the trap
Knowing about this case is enough to distrust any message or phone call reporting problems with the bank account. However, we can apply the usual advice to avoid being scammed by SMS and know the best ways to protect yourself against call-related scams.
- always distrust before any message or call you receive. Even if the mobile tells you that the call belongs to your bank and even appears in the same message thread that you have with the entity. There are mechanisms by which this verification system can be circumvented, so it is not something that can be trusted one hundred percent.
- Be the one who contacts the bank through an official channel. Either through your verified phone or by going to a branch. Inform them of the reception of the message and/or call so that they can assure you that it is not a real communication on their part and, by the way, they can have the record to take action on the matter.
- never call back if the number is not trusted.
- Use a call filter to help you identify when it is a scam. While it may not be enough, it can be very helpful.
- Do not give your personal data in a phone call or enter them on any untrusted page. And much less the access data to the bank account. If it is you who calls knowing that the number is trusted or you have entered the bank’s official website on your own, there will be no problem doing so.
- Add a two-factor authentication system to your bank account. The vast majority of banks have systems like this that can be activated from their apps, although if you have any questions, you can contact them for help. This will make it difficult for fraudsters to carry out operations even when they have your data.
- Don’t install dubious appssince some SMS scams require you to download an alleged bank app that is really not.
- Complaint to the authorities in case you have been a victim. It is also important that you contact your bank in case you have given access to your accounts to fraudsters, so that they can be aware of it and cancel possible movements that are made without your authorization.
Thus, following these tips you should not worry. Unfortunately, scams of this type do not stop and being cautious and having the best knowledge about them is the best way to avoid being a victim.