SMS: The WhatsApp of 20 years ago, text messages or SMS seemed doomed to disappear forever in the reality of smartphones and messaging applications. But lo and behold, they have found a second life, and are widely used today to, for example, receive delivery notices from a courier agency, digital payment checks, or messages from your bank.
But what if those SMS from your bank are not true?
Smishing with BBVA
The INCIBE (National Institute of Cybersecurity) has detected “a campaign to send fraudulent SMS, smishing, that try to impersonate BBVA.” The detected SMS informs that the account has been deactivated and they request that the employer or worker “click on a shortened link to verify information “, pure social engineering without a doubt, to see if it sneaks.
In the malicious campaign that impersonates BBVA, the message is the following – such as:
“We regret to inform you that your account has been deactivated. For your security we ask you to complete the following verification.”
Next, the message provides an external link that redirects to the fraudulent website that imitates that of the bank BBVA, where the user access data is requested – the NIF and the access code that you use on the BBVA website if you are client.
The link redirects to the fraudulent website where the user access data is requested. If you enter your online banking access data, “your card details will be requested on the next screen.”