With the popularity of online shipping, as more and more purchases are made over the Internet, cybercriminals also they can call you pretending to be Correos, Seur and other parcel companies, with the aim of obtaining our very valuable information, and even directly asking us that we have to pay customs to be able to dispatch the shipment, and even that we have to pay something additional for the shipment to reach our home. Therefore, we must pay special attention to all calls made to us of this type, asking for our private information.
In this type of attack, it is also possible that they incite us to install some type of program or app on our smartphone, and it is even possible that they incite us to enter an illegitimate website that pretends to be a real website, for example, from our bank, therefore, we should be very careful and pay close attention to these types of calls.
How to detect and avoid it
This identity theft attack from a real company aims to steal personal information, our bank access credentials, and they will even want to steal our debit or credit card. Depending on the type of call we receive and what they ask us for, we have different ways of detecting it.
If they claim to be our bank
This is one of the most dangerous calls that can be made to us. If we receive a call pretending to be our bank, we must be extremely careful before providing them with any of our private data, let alone user credentials or credit card information. The objective of these calls is to steal the username and password to access digital banking, and also our debit or credit cards, so they could steal money from us.
When we receive a call like this, we should never provide username and password information to access digital banking, even if the caller tells you that they need that information to access your account and perform some action. Banks already have all the necessary information by simply providing the customer’s DNI, through this identifier they will be able to access your account and carry out any action, without you having to provide anything else. If they call you, they will ask you to identify yourself with your name and surnames as well as your ID, on some occasions they will also ask you for your date of birth, but they will never ask you for your account access codes or debit card numbers. or credit.
It is very important to distrust the person who calls us at first, and not provide too much information until we are sure of the reason for the call and if this call makes “sense”. For example, if we have an open incident at the bank and we are waiting for a call, it is logical to think that it is legitimate, but you should buy it just in case it is not.
Logically, if the person who calls us is our personal manager of the bank that we already know after having spoken with him on other occasions, then we can lower our “guard” and trust, because we know reliably that he is a bank employee and is our manager. .
If they impersonate our operator
If they call us pretending to be our operator, this is usually due to two reasons:
- It is a competitor operator, and they want to “steal” a customer from them. Therefore, they could deceive you by saying that they are going to raise your Internet rate, and right after that they will call you from the competition. This type of attack is very typical in commercial operators.
- They want to obtain details of your bank account or credit card, in order to steal money from you.
In the first case, you must know how these calls proceed and avoid being deceived. If you really have not had a rate increase on your mobile bill, then you should not pay much attention to this call, especially if you receive a call from the competition right after.
In the second case, the operator will never ask you for the bank account for the receipts, because they already have it when you signed up. Of course, they will not ask you for credit card information either, because they already have your bank account to give you the receipt for the current month. In this case, whether it is a bank account or a card, the objective is to steal money directly and you must avoid these calls.
If they claim to be from the electricity, gas or water company
If they call us pretending to be our electricity or gas company, and even the water company if there are several companies that take care of it, it is due to the same reasons as in the previous case:
- The competition wants to trick you into switching to their electricity, gas or water rates.
- They want to obtain sensitive information such as payment information (bank account and cards).
Personally, the first case has happened to us, a company that pretends to be the current company and tells you that they are going to offer you a very important discount on your bill, and then when you continue talking and making the voice recording, they tell you that they will go to another electricity or gas marketer. This is clearly an attempted scam by the salesperson who called you.
In the second case, they will try to get bank information and cards in order to steal as much money as possible.
If they encourage you to enter a website or download something
If the person calling you is encouraging you to enter a website or download a program, you should be completely suspicious and never install any program or app that they tell you. In case you install this type of malware, you might have a banking Trojan to steal all your credentials or any other private information like email credentials and more.
Although a website may seem legitimate from our bank or Internet company, today it is very easy to clone a website and modify it to steal all the data entered. You should know that as soon as you enter the information, for example, a username and password, cybercriminals will have this information to access your accounts directly.
What to do if we have already been victims
If we have been victims of this phone scam, we should review what information we have given to the person on the other end of the phone. Depending on the information provided, we will have to take some actions or others to protect ourselves.
If we have given you a username and password for our digital banking, we must enter our account as soon as possible and change the access password. If it is no longer possible to access, then you will have to call your personal manager or the bank’s customer service as soon as possible, so that they block any movement of the bank account and reset the access codes. Once the manager or the bank has done this, you should also check if you have any outgoing transfers or account charges of any kind. Of course, if money has been stolen from you, you will have to notify the bank and file the corresponding complaint at the Police Station.
If we have given you our debit or credit card, what we must do is block them as soon as possible through the mobile app or through digital banking via the web. In this case they will have made a charge or they will have subscribed us to some Internet service to charge this card, therefore, we must cancel this card as soon as possible to avoid major problems.
In the case of having been deceived and they have changed our electricity, gas, telephone or water company, you will have to contact your current company and indicate that you have been deceived, so that they stop any type of portability or transfer from one company to another. . This case could be quite problematic because they will have made a voice call to confirm the portability, but if you realize it in time you can avoid being transferred to that other company that you do not want.
As you have seen, Vishing is a very dangerous attack that consists of tricking the victim into providing private information to cybercriminals.