Alert, cyber criminals may use call and SMS tactics to steal money from your bank accounts

Cybersecurity company ESET alerts on the appearance of new campaigns in which cybercriminals impersonate Bankia, Bankinter and Banco Santander. The fact that cybercriminals are currently especially focused on taking advantage of the coronavirus does not mean that they forget their most classic scams. According to the cybersecurity company ESET, in recent weeks there has been an increase in cases of impersonation of banks by SMS messages. The objective of the individuals behind these attacks is to steal control of the victim’s account and, in this way, have full access to the money inside, or access credit card data.

“In the last weekend, we have detected different cases of impersonation that affect three banking entities: Bankinter, Bankia and Banco Santander. In the first two, criminals sought access to credit card data. At Banco Santander, they were going to directly take control of the account. They even asked for the electronic signature and the code that the entity sends you by SMS to demonstrate that it is you who is trying to access it. This way they could enter the account and make the transfer of the money they wanted, “Josep Albors, head of awareness and research at ESET Spain, explains to media.

credits: black tusk software

The campaigns began last Thursday, April 2. The first supplanted bank was Bankinter. However, just a few days later, the attackers began impersonating others, such as Santander or Bankia, to increase their range of action. In the SMS, the victim is explained that her bank account has been blocked. If you want to fix the situation, you will have to “click” on a link that accompanies the text and redirects you to a malicious page that is controlled by attackers.

Albors emphasizes that none of the domains created to supplant these banks are completely faithful to the authentic ones. However, they are quite successful, making it easy for someone to fall into the trap. In the event that attackers pose as Santander, and the user clicks on the link, they will be sent to a page where they will be asked for the necessary information to access their online banking account. After this, you will be redirected to another page to provide your electronic signature. Finally, cybercriminals will ask you for the phone number, which is necessary, and then provide the double verification code that the bank sends, via SMS, to its customers.

In cases where criminals impersonate Bankinter and Bankia, what they are looking for is the credit card information. If the victim clicks on the hyperlink that accompanies the SMS stating that his account has been blocked, he will be redirected to malicious pages in which a card number, date of birth, security code, and pin are requested. “The reason for this change is difficult to explain. It is likely that these are different criminal groups or a change in strategy to see which one is more beneficial to them, ”says the ESET head of awareness and investigation. Bankia, for its part, has already warned about the existence of this scam through social networks.

They also take advantage of the coronavirus

Despite the fact that these scams are not related to the coronavirus, which is the hook currently most used by cybercriminals, ESET has discovered that the attackers behind it have also participated in other malicious campaigns in which COVID 19 is used to trick users. Cyber-criminals seek to maximize their profit. From the same IP used for one of these cyber-frauds, they have used another domain that has been used to exploit the coronavirus on the network. They are trying to make the most of it. We have seen many cases where they use the COVID 19 to trick users. With maps that supposedly offer information about the pandemic to pages that apparently are intended to get donations.