In the last hours it has been detected a new campaign of phishing via SMS that impersonates banking entities, in this case Banco Santander and Caixabank, informing potential clients of a problem with their bank accounts. Something flatly false.
The message that impersonates Santander He says: "Your account has been temporarily blocked for security reasons to activate it you can access safely from: [URL]". The fact that impersonates the Catalan bank It is similar, although it has more errors: "Caixabank: We regret to inform you that your account has been deactivated. For your security we ask you to complete the following verification: [URL]".
This 'phishing' campaign seeks to gain access to our bank accounts by posing as Caixabank and Banco Santander
Click on the addresses that appear, something that we should not do, will take us to fraudulent web pages that pretend to be the legitimate ones of the banking entities and invite us to enter various sensitive data in order to gain access to our accounts. Nothing new unfortunately, although it is not as sophisticated a scam as Flubot's.
How to improve INTERNET SECURITY: VPN, DNS and pages with HTTPS
The objective is the access credentials and verification codes
Presenting themselves in a similar way to the Caixabank and Banco Santander websites, these fraudulent pages ask potential victims both the access credentials, username and password, as well as the verification code that we receive by SMS by our bank to confirm that we are indeed the ones who are trying to access the bank on-line.
The receipt of the SMS with the verification code after having entered the access data It could lead some people to believe that they are in front of the real pages of their banks, but this is not the case and we should not provide any type of data. If we receive an SMS, this time from our bank, it is because with the information provided to the page phishing the attackers are trying to log in.
Before the slightest doubt, it is a fantastic idea to try to confirm with the sender of the message, through other means, if the received is legitimate
As explained by Banco Santander, which has a specific website to inform its customers about the dangers of marketing campaigns. phishing, We must be wary of alarmist matters such as those of these text messages and the request for personal or banking data. We must also look at the wording and spelling, as well as the links before clicking.
And, in any case, as always and with the slightest doubt, try to confirm by other means if said SMS (or call, email ...) is legitimate, for example, by calling our bank.