These days, we receive a large number of emails, phone calls and text messages throughout the day. This amount has increased exponentially with the arrival of teleworking during the pandemic and the connectivity that exists between companies and people.
With so many interactions, it's only natural that we sometimes stop paying attention to them, and that provides an opening for social engineering and cybercriminals.
Government Security Forces and Bodies, as well as various companies and customers, are reporting a growing number of fraud attempts through the traps of phishing, smishing and vishing. Cybercriminals are even starting to carry out 3 social engineering attacks in 1, as we demonstrate below:
1. First, they send an SMS to the customer under the fake name “Bankinter” and using a number that is not related to Bankinter. In addition, they provide a link to a fake Bankinter website (smishing).
2. Clicking on the link takes you to a fake website, which will copy some kind of additional information, such as the mobile number you should send credentials to (phishing).
3. Finally, once they have the mobile phone number, they call customers, impersonating the Digital Security Department, to request the OTPs and bank card codes (vishing).
How do I avoid these types of social engineering attacks?
Below, we have compiled a series of tips to help you avoid falling victim to fraud:
- Have you heard of the company? If you've never been a customer, watch out for messages that start with "Dear customer."
- Is the sender legitimate? Look at the e-mail address and the URL that the message is asking you to click on.
- Dubious spelling, grammar, and reasons. It is highly unlikely that a real company will make these mistakes.
- Do not talk to strangers on the phone, as they will try to manipulate you.
- If at any point you feel uncomfortable or suspicious, don't try to be polite. If in any doubt whatsoever, hang up the call.
- Do not provide any personal data over the phone unless you have called the official number, and never provide your password.
Remember that customers have access to an e-mail address where they can send these kinds of queries or report these types of social engineering attacks: email@example.com
Remember… security is everyone's business.