On Monday the Oficina de Seguridad del Internauta (OSI) reported that several smishing campaigns had been detected impersonating numerous banking entities. Since then, La Policia Nacional has arrested eight such scammers.
Think! Don´t click on the link!
The objective of these scammers is to direct the victim to a false web page. This impersonates the official website of a banking identity. They do this to steal your credentials, and to access your banking service. The wording used in the messages tries to alarm the user so that you click on the link and follow the steps indicated without stopping to think.
If you have received an SMS like this, clicked on the link and provided your access data (username and password), as well as any other personal or financial data, OSI urge you to contact the bank as soon as possible to inform them of what happened. You must also try to cancel any possible transactions that may have been carried out, block access to your account, and cards. Furthermore, you should update the access data to your online banking service. In addition, they recommend changing your password in any other services where you might have used the same password as the one used to access your online banking.
Additionally, the OSI advise you to check that you do not have call redirection activated on your device to an unknown phone number without your being aware of it. Most mobile devices will enable you to follow the steps below to ensure your call forwarding is switched off;
On Android devices, follow these steps:
Phone icon> Click on the three dots at the top right> Settings> Additional services> Call forwarding.
For iOS devices:
Settings> Phone> Call forwarding.
General advice to avoid being a victim of scammers:
Avoid being a victim of fraud of this type by following the recommendations from OSI:
- Do not open messages from unknown users or from those that you have not requested. Delete them immediately. Do not reply to these SMS under any circumstances.
- Be careful when following links, even from “supposed” known contacts.
- Check the URL of the web page. If there is no certificate, or if it does not correspond to the site you think you are accessing, do not provide any type of personal information: username, password, bank details, etc.
- In case of doubt, consult directly with the entity involved or with trusted third parties, such as the Internet Security Office (OSI) of INCIBE.
Also, always remember the advice provided by the security sections of the banks and financial institutions:
- Close all applications or programs before accessing your website.
- Directly type the URL of the entity in the browser, instead of reaching it through links available from third-party pages, in emails or SMS. Remember that a bank never notifies incidents of your account through email or SMS, including a link to its website in the message.
- If you prefer to use the bank’s app for the different procedures, make sure you download the official app.
- Protect your accounts. Use strong passwords and double verification systems, whenever possible, as this will add an extra layer of protection.
- Do not access the online banking service from devices that are public, untrusted, or connected to public Wi-Fi networks.
Also read: Watch out for email or SMS bank scams
* Vishing: fraudulent phone calls that induce you to reveal personal information. Smishing: fraudulent text messages meant to trick you into revealing data.