Fake text messages, a common practice among cybercriminals

Smartphones greatly facilitate our day-to-day tasks and allow us to be constantly connected and linked to our environment. Nowadays, they allow us to do practically anything, but no matter how advanced their technology, there is a feature that seems to not want to get old: the classic SMS, or text message.

The SMS is a means of communication used by many companies and public institutions to communicate with us... something that cybercriminals try to take advantage of to deceive us with their smishing attacks, or fake text messages.

These impersonate organisations, institutions, banks, brands or any other company through fake text messages, with the aim of making you enter your banking and/or personal details in the wrong place so that they pass into the hands of cybercriminals, who will use this data to scam you.

This is how smishing works

1. First, the cybercriminal creates a website that is the same or very similar to that of the company they want to impersonate, for example, CaixaBank.

2. Subsequently, you will be sent an SMS asking you to click urgently on the link attached in the message. They may try to trick you by saying that your account has been disabled, that there have been suspicious logins, "unusual" transactions in your account... all pretexts to make you click on the link, so they can get hold of the information you enter, i.e., your data.

3. To make the SMS more credible, some criminals are able to put the name of CaixaBank or some other company in the sender ID so that the message is displayed grouped together with other legitimate messages that have previously been sent to you from the same sender.
   

   

4. If you make the error of clicking on the link, you will be taken to a fake website created by the cybercriminal where you are asked to enter your bank and/or personal details under some pretext.
   

   

5. Once you enter your details, the cybercriminal then has access to your online accounts. Now they will try to perform transactions with your cards and even take control of the bank's online signing method in order to carry out fraudulent operations in your name. 

How can I protect myself?

• Remember that neither CaixaBank nor any other legitimate company or institution will ever ask you for your digital banking credentials or for any other personal information, such as your mobile number.

• You should never click directly on links contained in an SMS.

• Always log in to your online banking through the bank's legitimate app or through the bank's official website by always typing the address directly in the navigation bar.

• Be wary of messages promising prizes, unbelievable offers or trying to convey a sense of urgency, threatening to block your account or any other similar consequences.

• If you have any questions, contact your adviser or customer service.

• Also remember the importance of always reading any notification from your mobile banking app with the utmost care before signing any financial transaction or purchase operation.

And don't forget, just as we are careful in the physical world (you would never give out your passwords or data to someone who asks for them in the street), we should also be careful in the digital world: common sense is our greatest ally against cybercriminals.