what is smishing
The smishing It is a very dangerous variant of the typical Phishing attacks that reach us by email. Although the form of attack changes with respect to Phishing, the objective is the same: to deceive the victim to try steal your login credentials, steal your bank accounts and even cards debit or credit card, making the victim believe that they are on an official and legitimate website. Our security and privacy is in danger from this type of attack, because we could expose our passwords, including the bank accounts that we have, so it is critical that we be very careful with this type of attack.
the smishing use SMS messages that we receive on our mobile with a link. This SMS message “appears” to be from our bank, but in reality the cybercriminals change the origin of these SMS so that the victim trusts that they have received an SMS from Openbank, BBVA, Caixabank or any other bank. We will receive this SMS whether or not we are a customer of this particular bank, that is, if we have a Caixabank account we can perfectly receive an SMS that passes itself off as BBVA. When we receive an SMS from a bank where we do not have an account, we usually delete it, however, if it just so happens that you do have that bank, then you could trust the received SMS and click on the link, and this is just what You should avoid.
Today this type of attack is aimed at stealing bank accounts or credit cards, so we must pay close attention to the SMS that we receive from our bank, and it is critical not to click on any link that we have in the SMS to avoid this identity theft attack on the bank, and that we are the victims of identity theft.
However, with the popularity of online shipments, companies such as DHL or Envialia are also being supplanted. We may receive SMS messages indicating that we have to pay customs, pay an additional amount of money to receive the package or any other “hook” to try to deceive us. Below, you can see a couple of examples of these SMS:
How to detect this attack and avoid it
This phishing attack that aims to steal our credentials can be detected easily and quickly, although this depends on what type of SMS we receive and how the “hook” message is constructed to make users fall for it. cheated.
The first thing we must look is the spelling of the SMS, generally these types of attacks are carried out by cybercriminals who are in other countries, and do not know the spelling of Spanish. We should also look at the way they address us, especially comparing it with legitimate SMS from our bank, and it is generally quite different.
The second thing we need to look at is if they prompt you to click on the link, that is, they look for the user’s fear and report that something is wrong or that there has been an excessive charge in the bank account, and invite us to review it. It is possible that if we click they ask us for personal information, to later use it against us in a malicious way. Another aspect that you should check is if there is a rush because you click on the link yourself, that is, it is something very urgent that you cannot wait.
we should also check if the SMS has a link to the bank page, you should never get into your bank through a link that you have received by SMS. To avoid problems, access directly through the app on your mobile or from the official website that you have saved in your computer’s bookmarks. In this way, you can access your bank account safely and without fear. If you click on the link, it will possibly take you to a website that is specifically designed to deceive you, that is, it is exactly the same as the official one but it will be used to steal your username and password, so you should never enter your credentials in this Web.
Some years ago the Illegitimate scam websites used the http protocol (not secure) For its tricks, this protocol does not offer any type of point-to-point encryption, so it was the first aspect that you should check to check if it was a legitimate website or not. Automatically, if the user saw that he did not have the “little pad”, he already mistrusted it. Nowadays scam websites also work with https (secure), but this means that communications are encrypted with the deception website, it does not mean that the website is safe and legitimate. Therefore, even though this website uses https, it could very well be a fake for the legitimate website.
In many cases when we receive an SMS from the bank, at the top it indicates a sender that says “BBVA”, “Openbank” or the bank that it is, however, this can also be easily falsified, so you should not trust it because at the top of the SMS it indicates your bank account.
what you must do if you receive an illegitimate SMS, delete it as soon as you receive itand you should never click on the link or link that we have in the SMS. In this way, you will not be a victim of this type of attack. Finally, we must use common sense, the bank will never ask us for data that they already have, such as our username and password, nor the data of the debit or credit card, in addition, if we do not expect any package, we will not we must pay attention to the SMS indicating that we have to pay something additional to receive a package. If you receive an SMS that prompts you to hurry, you should know that your bank will never contact you by SMS for important things, but will call you directly.
What to do if we have already been victims
If we have received an illegitimate SMS and we have been victims of this attack, depending on what you have done with that SMS, you will have to take some very important steps to avoid greater evils. What you should know is that if you have not clicked on the link you are not in danger, you should simply delete the SMS and not accidentally click. It is very important that you delete this SMS as soon as possible so as not to enter the link by mistake.
If you have clicked on the link, there are some SMS that take you to a fraudulent bank website and invite you to fill in your username and password. If we have not filled in anything on this website because we have realized that it is not our bank, simply leave this fraudulent website and delete the SMS you have received. In the event that you have filled out the website with personal data, you must do the following:
- Review what data we have provided and what they can do with it.
- If you have entered your bank username and password, enter as soon as possible through the app or via the web and change the password. You can also call your bank manager directly to inform him of the matter and to be alert in case you have suffered an intrusion in your account.
- If you have entered your credit or debit card, block it as soon as possible, even if no charge has been made yet.
In the case of clicking on the link, if we have started downloading a program or app for our smartphone, you should never install this application because it could be a banking Trojan to steal all our bank accounts. In the latter case, what you should do is delete the downloaded application or program, exit the fraudulent website and also delete the SMS message you received. In the event that you have installed the fraudulent application, you should quickly do the following:
- Delete the app as soon as possible.
- Download an antivirus for your smartphone, start the scan as soon as possible to eliminate the possible malware that has been installed on you.
- Change the passwords of all the accounts you manage with your smartphone, including those of the bank.
However, if you have been a victim and have installed malware on your smartphone, the best thing you can do is restore it to factory settings to make 100% sure that there are no traces of malware left.
The most important thing to know is that if you receive these SMS and you have not clicked on the links, you will not be in danger, simply delete the SMS and you do not have to do anything else.