The Superior Headquarters of the National Police in Aragon alerts citizens to an uptick in scams in the form of "smishing" and "vishing" or, in other words, phishing via SMS or phone calls.
Smishing is a technique that consists of sending an SMS by a cybercriminal to a user pretending to be a legitimate entity -social network, bank, public institution, etc. -with the aim of stealing private information or making an economic charge. Generally, the message invites you to call a premium rate number or access a fake website link under a pretext.
Vishing is a type of social engineering scam by phone in which, through a call, the identity of a trusted company, organization or person is impersonated, in order to obtain personal and sensitive information from the victim.
In recent weeks, two modes of modus operandi have been detected, one in which the client receives an SMS supposedly sent by their bank or a parcel company, informing them that strange movements are taking place in their bank account and that they have tried to access to your bank account.
More information The Police warn of telephone scams to shops and restaurants in Zaragoza One of the biggest European cryptocurrency scammers arrested in ValenciaIn some cases, in said email they are sent a link that supposedly redirects to the bank's website, to proceed to modify the access codes. Minutes later he receives a phone call, posing as his bank in which they ask him for the access codes to his online banking, to proceed to cancel his bank cards. The victim provides them with as much information as they request.
Subsequently, the client accesses the bank's web page from his browser, appearing a pop-up box in which he is once again asked for the access codes for online banking. Simultaneously they receive an SMS with passwords that they must enter, in fact it is the confirmation password for a fraudulent operation.
How to burn in your headphones to sound great every time https://t.co/dvUmlXxb0G via @YouTube
— synfiniti Wed Jul 18 15:27:35 +0000 2018
Thus, by obtaining this sensitive data, they take control of their bank accounts and seize large amounts of money, frequently making bank transfers.
Another modality is to supplant a parcel company. Specifically, the cyberattack is carried out through a short text message -SMS- that the victim receives on their device, the most used topics being the request for a payment or completing the delivery address to receive a package. This message includes a link to install an apk application that appears to be the official one of the entity.
Once the victim accepts the download, in addition to the aforementioned simulated apk, remote access software will be surreptitiously installed, which will first request permission to receive, read, and modify SMS.
Recommendations to avoid being scammed
The National Police has made its recommendations to avoid this type of scam. For example, never access from links received in emails or SMS since they usually impersonate and simulate the official page. Always access by typing the bank address or parcel company in the browser.
Likewise, they suggest contacting the bank or company on the official telephone number, not from the number that calls us; never install mobile applications received by SMS; update the operating system and programs; and have an updated antivirus, firewall, and antispyware.
The main maxim that agents want to convey to citizens is that no banking entity will ever ask its customers for sensitive data (keys, passwords) by phone, email, SMS, or by any other means.