
ATTENTION: Cybercriminals are starting to carry out 3 attacks in 1... Find out what they are


03.09.2021

Written by: Bankinter information security


These days, we receive a large number of emails, phone calls and text messages throughout the day. This amount has increased exponentially with the arrival of teleworking during the pandemic and the connectivity that exists between companies and people.

Sometimes, it's only natural to stop paying attention to these interactions, which provides an opening for social engineering and cybercriminals.

Both Government Security Forces and Bodies and various companies and customers are reporting a growing number of fraud attempts through the traps of phishing, smishing and vishing. Cybercriminals are even starting to carry out 3 social engineering attacks in 1 as we demonstrate below:

1. First, they send an SMS to the customer under the fake name “Bankinter”, using a number that is not related to Bankinter. In addition, they provide a link to a fake Bankinter website (smishing).



2. Clicking on the link takes you to a fake website which will copy some kind of additional information such as the mobile number you should send credentials to (phishing).



3. Finally, once they have got the mobile phone number, they call customers, impersonating the Digital Security Department, to request the OTPs and bank card codes (vishing).

How do I avoid these types of social engineering attacks?

Below, we have compiled a series of tips to help you avoid falling victim to fraud:

  • Have you heard of the company? If you've never been a customer, watch out for messages that start with "Dear customer."
  • Is the sender legitimate? Look at the e-mail address and the URL that the message is asking you to click on.
  • Dubious spelling, grammar, and reasons. It is highly unlikely that a real company will make these mistakes.
  • Do not talk to strangers on the phone, as they will try to manipulate you.
  • If at any point you feel uncomfortable or suspicious, don't try to be polite. If in any doubt whatsoever, hang up the call.
  • Do not provide any personal data over the phone unless you have called the official number, and never provide your password.

Remember that customers have access to an e-mail address where they can send these kinds of queries or report these types of social engineering attacks: [email protected]

Remember… security is everyone's business.
