Computer crimes of identity theft are the order of the day. There are more and more of them and their methods are more sophisticated, but the goal is the same: to steal your money. A clear example is a group of four people who, fortunately, have been arrested for committing this type of scam in a total of 60 crimes in which they had managed to swindle more than 200,000 euros from the victims.
Generally, the bad guys try to get hold of our bank details in many ways, but this time, this group of scammers did not even shy away from direct contact with the victim.
In this scam they even call you “from your bank”
In this scam, it all starts with a typical case of smishing , sending mass text messages to numerous people, making them believe that it is a message from the victims’ bank and providing a fake link in which it is simulated to be the online banking in question.
By providing this data, believing that it is a real contact from your bank, they access the victim’s online banking , they have access to all the victim’s data. Sometimes, fraudsters do not acquire all the necessary data to be able to commit the scam in this first phase, since some banking entities establish double verification mechanisms to avoid scams.
So far, nothing new with respect to other types of impersonation scams that we have reported on this website, but what these criminals did was also establish telephone contact with the victims , pretending to be agents of the bank. In said call, they warn the victim that they are being victims of fraudulent charges in their bank account and to prevent these charges from being carried out, they must provide the data that is requested by the alleged bank staff. Once the victim provides this data that was not accessible at first, the scammers do acquire complete control of the victim’s accounts and proceed to empty them as much as possible.
Vishing is a type of social engineering that, like phishing (emails) and smishing (SMS), seeks to obtain personal and/or banking data from users; but in this case the fraud is committed through a telephone call, deceiving the victim by impersonating the identity of a trusted third party.
Regardless of the method used by cybercriminals, remember that, in case of unexpected calls from your bank asking for sensitive data such as a password, electronic signature, confirmation code that arrives by SMS or similar information, be immediately suspicious. Your bank will never ask you for this confidential information over the phone , except in a personal call with your bank manager or in a similar situation.
In the event that you receive a phone call with these signs described above, make mistrust your best weapon. Be suspicious and, if you receive a call asking for sensitive personal details, do not provide any bank details. In the event that the reason for the alleged call may coincide with a real circumstance of your account, take charge of the situation, hang up the received call and call your bank’s telephone number to verify the veracity of the previous call and solve the problem in your bank account if it actually exists. It is preferable to interrupt the communication and contact the bank or entity to report what happened.
Tips and measures to avoid falling into the trap
Despite the threat, this type of fraud is easily identifiable and users have several guidelines and good practices that can help us defend ourselves against cybercriminals, as recommended by the Internet Security Office :
- Verify the identity of the sender. If an unknown number appears on the screen of our phone, a spam alert or we are not convinced, we can always check the phone number on Google to see if it is related to some type of fraud.
- Do not click or follow their directions. It is common for attackers to use automated messages and emails to trick their victims into downloading malware.
- Never provide personal information. Although we are not sure if it is a fraud, we should never share our data with a stranger.
If, unfortunately, you have already fallen for a scam of this type , the steps to follow should be the following, also according to the National Institute of Cybersecurity:
- Contact your bank immediately to report what has happened and cancel any transactions that may have been made.
- If you have also provided personal data, such as your phone number or email, remain vigilant and check that you are not subject to another type of fraud by these means or that they do not impersonate you.
- You can also report this situation to the State Security Forces and Bodies (FCSE).
