THANKS TO DIGITAL LANCELOT
No private company or public institution requests personal data from its clients by phone or by email, that is what the National Police repeats over and over again, but the scams continue to occur. Now a new type of phone scam known as spoofing has been detected, a technique in which cyberscammers pose as a trusted sender to access their victims’ data. Until now, the usual thing was for the false employee to verbally request the access codes to the telephone bank from the victim, however, in this new variant, the cybercriminal himself warns that for security reasons the password should not be verbalized to anyone and that the password must be dialed directly on the phone. After the deception
After gaining the trust of the victims, they request sensitive data
This fraud, known as spoofing, consists of impersonating the real telephone number of energy companies, banks or public institutions, which makes the scam almost undetectable.
Although spoofing is not a new fraud method as such, specialists in the fight against cybercrime from the National Police have detected an improvement in the technique that makes it more difficult for victims to detect. In this sense, cybercriminals impersonate the real telephone number of energy companies, banks or public institutions, in such a way that if the victim checks who said number belongs to, they will see that, indeed, it is the company or entity to which scammers are impersonating.
Through the phone conversation, and whenever the phone number matches, they gain the trust of their victims by talking about account security issues. Next, they are instructed to dial the private banking access code or a verification code on the keyboard of their mobile terminal, through a link sent at that very moment by SMS.
Under the pretext and warning that -for security reasons- they should not speak the password to anyone, now they ask you to dial it directly from your keyboard. In the event that the victim falls for the scam, the scammers capture the keystrokes they type on their mobile and start to control their secret passwords.
Tips from the National Police to avoid being a victim of cybercriminals
- Never provide personal or bank details without making sure that it is the company or entity in question. In addition, our bank, telephone company or utility company already has this data, therefore, they will never ask us for it.
- Remember that no private company or public institution uses this method to request personal data from its clients.
- Never provide card information, identity documents, income statement, payroll, usernames, passwords and passwords.
- Do not accept, in any case, the conditions offered in the same call or communication. Request that they send us the documentation for study or place a second call so that we can make checks.
- Do not click on the links in the text messages that they send us and, in the case of bank accounts, always access through the application provided by financial institutions, telephone companies or supply companies.