Updated:04/09/2020 02: 06h
That cybercriminals are currently especially focused on taking advantage of the coronavirus does not mean that they forget their most classic scams. According to the cybersecurity company ESET, in recent weeks there has been an increase in cases of impersonation of banks by SMS messages. The goal of the individuals behind these attacks is steal control of the victim’s account and, in this way, have full access to the money inside, or access the credit card details.
«In the last weekend we have detected different cases of impersonation that affect three banking entities: Bankinter, Bankia and Banco Santander. In the first two, criminals sought access to credit card data. At Banco Santander they were going to directly take control of the account. They even asked for the electronic signature and the code that the entity sends you by SMS to demonstrate that it is you who is trying to access. This way they could enter the account and make the transfer of the money they wanted, “Josep Albors, head of awareness and research at ESET Spain, explains to ABC.
The campaigns began last Thursday, April 2. The first supplanted bank was Bankinter. However, just a few days later the attackers began posing as others, such as the Santander or Bankia, to increase your range of action. In SMS, it is explained to the victim that her bank account has been blocked. If you want to fix the situation, you will have to “click” on a link that accompanies the text and redirects you to a malicious page that is controlled by attackers.
Albors emphasizes that none of the domains created to supplant these banks are completely faithful to the authentic ones. Nevertheless, they are quite successful, making it easy for someone to fall for it. In case the attackers pose as Santander, and the user clicks on the link, he will be sent to a page where he will be asked for the necessary information to access his online banking account. After this, you will be redirected to another page to provide your electronic signature. Finally, cybercriminals will ask for the phone number, which is necessary, and then provide the double verification code that the bank sends, via SMS, to its customers.
In cases where criminals impersonate Bankinter and Bankia, what they are looking for is the credit card information. If the victim clicks on the hyperlink that accompanies the SMS stating that his account has been blocked, he will be redirected to malicious pages in which a card number, date of birth, security code and pin are requested. “The reason for this change is difficult to explain. It is likely that these are different criminal groups or a change of strategy to see which one is more beneficial to them ”, says the person in charge of awareness and investigation at ESET. Bankia, for its part, has already warned about the existence of this scam through social networks.
Hi there! The SMS has not been sent by our entity, it is a phishing attempt, so you must make sure not to provide your personal details and passwords. In addition, we share this image with the steps to follow if you are affected. Cheers! pic.twitter.com/8ZLj3pyARl
– Hello Bankia (@HolaBankia) February 7, 2020
They also take advantage of the coronavirus
Despite the fact that these scams are not related to the coronavirus, which is the most commonly used hook by cybercriminals, ESET has discovered that the attackers behind it have also participated in other malicious campaigns using the Covid 19 to trick users. Cyber criminals seek to maximize their profit. From the same IP used for one of these cyber-frauds, they have used another domain that has been used to exploit the coronavirus on the network. They are trying to make the most of it. We have seen many cases where they use the Covid 19 to trick users. With maps that supposedly offer information about the pandemic to pages that apparently are intended to get donations, “says Albors.