In recent days, information has been running on WhatsApp about a scam in which a victim claims that they called him from a number that pretended to be the bank, to request sensitive personal information that cybercriminals can later use to steal information or money. from your bank account.
As real as it may seem, remember that your bank will never call you to request personal information. Not even if it seems credible, not even if they tell us that our account has been blocked… never.
The vishing of the banks returns
Vishing is a type of social engineering that, like phishing (emails) and smishing (SMS), seeks to obtain personal and/or banking data from users; but in this case the fraud is committed through a telephone call, deceiving the victim by impersonating the identity of a trusted third party.
One of the most used examples of these third parties is to supplant the identity of the banks themselves , in order to have direct access to data that the victim can provide and with which money can later be stolen or unauthorized purchases made.
These vishing calls can be of various types, depending on the modus operandi of the cybercriminal. In many cases, the bank is directly supplanted and some customer data obtained by other means is offered to generate trust and so that the possible victim of fraud provides the requested information without suspicion . This method usually combines several social engineering techniques such as spoofing (impersonation of the telephone number, which may appear with the name of the bank) and OSINT (search for information in Internet sources for the purpose of generating trust in the service client they are supplanting).
Your bank will not call you
Regardless of the method used by cybercriminals, remember that, in case of unexpected calls from your bank asking for sensitive data such as a password, electronic signature, confirmation code that arrives by SMS or similar information , be immediately suspicious. Your bank will never ask you for this confidential information over the phone, except in a personal call with your bank manager or in a similar situation.
In the event that you receive a phone call with these signs described above, make distrust your best weapon. Be suspicious and, if you receive a call asking for sensitive personal details, do not provide any bank details. In the event that the reason for the alleged call may coincide with a real circumstance of your account, take charge of the situation, hang up the received call and call your bank’s telephone number to verify the veracity of the previous call and solve the problem in your bank account if it actually exists. It is preferable to interrupt the communication and contact the bank or entity to report what happened.
These recommendations also apply to other forms of contact in which they request information, whether by e-mail, SMS or any other insecure channel. Also be suspicious of those contacts that are made with the argument of offering you an excessively good promotion or offer. If it’s hard to believe, it’s probably not true . Sometimes, greed breaks the bag and cybercriminals get you to provide your personal data with promises of refunds of money that you have not requested or to reimburse commission money, etc.
If you have provided your data, quickly check if there have been movements in your account and, if so, report the case to your bank and also to the State Security Forces and Bodies.
