INCIBE warns of a new phishing campaign that is supplanting banking brands such as Bankia and CaixaBank to steal user data.
Fake emails are the order of the day, phishing campaigns have grown in recent years to become a highly relevant threat on the internet. At the same time, it is about educating users so that they are more agile when it comes to detecting these digital scams.
Cybercriminals use well-known and weighty brands such as banks to appeal to their victims, who trust and be scared by any problem with their bank accounts, as in this case. The emails ensure that the user must re-provide their data on a web page that pretends to be from that company.
In the Bankia case, an entity that has recently been absorbed by CaixaBank, the user is informed that there has been a failure in an update of his account. “Security update not performed, Please validate the required update.”
The message could vary, but the idea is always the same, click on a link that is attached to that email and that takes us to a fraudulent website. It seems that we are on the Bankia website but this is not the case and by entering data such as ID and password, cybercriminals already have what it takes to operate on our behalf.
This system is repeated with the campaign on behalf of CaixaBank. It is important to recognize these messages and tricks to be able to identify them when they reach our email or mobile address and avoid them. Banks do not usually contact customers by mail on issues like these.
In any case, when in doubt, it is better to enter our bank’s website in other ways, without using the link provided by the email. From the browser, look for the official page as when we check the balance and there check if that notice is real.
It is also important not to download any file from that email, it may contain malware as we have seen in other cases of digital scam. Here we leave you a series of tips to avoid being victims of these increasingly frequent deceptions.