Cybercriminals always find new ways to try to get one of their victims to take the bait and fall into their networks. Every day new methods emerge with all kinds of scams and scams by SMS, email or phone call.
As the types of crimes advance faster than we can often report to you, we are going to tell you once and for all a few of the forms of scamming and swindling that the Security Forces and Bodies have warned of lately.
Phishing in ING and Santander
A user affected by a phishing scam has decided to tell how his experience has been, in order to alert about the method they use to impersonate the bank and steal your personal data.
let’s mess Here is the thread of how I gave some scammers my data. https://t.co/GjadQ9wSnW
– Jerónimo Palacios (@giropa832) June 6, 2022
Apparently, he received an email supposedly from ING saying that he had to register his device to verify operations. He didn’t notice one of the first things to look for in validating sender identity: the email address they’re sending from. Despite coinciding in format and being well written, this would have served to see in the first place that they were impostors, since they sent it from ing@indirect.es
This email informed of the need to update a validation device to adapt to the PSD2 regulation (Payment Services Directive). Coincidentally, a few weeks ago the user received a legitimate notice that he had connected from an unknown device, so registering a new trusted device sounded consistent for his personal case.
He too INCIBE (National Cybersecurity Institute) has warned of a campaign of sending fraudulent emails of a malware distribution type that try to impersonate Banco Santander through an alleged electronic invoice.
With subject patterns in the mail such as “your bill arrived”, “electronic bill”, “your bill is already available”, “overdue bill” or “pending payment”, they pass themselves off as Santander and, if accessed, infect the victim’s device with malware identified as Grandoreiro, a banking Trojan that could allow cybercriminals to perform actions such as manipulating windows, logging keystrokes, and obtaining addresses from the victim’s browser, among others.
missed call scam
Although it is not a new phone scam, the Civil Guard has again alerted about the missed call scam. It occurs when we receive a very short missed call from foreign phone codes such as +355 (Albania), +225 (Ivory Coast), +233 (Ghana) and +234 (Nigeria).
Do you know the missed call scam? 📞
Don’t return misses of these prefixes:
355 👉 Albanian
225 👉 Ivory Coast
233 👉 Ghana
234 👉 NigeriaThey will charge you a special rate. pic.twitter.com/tVIinOZ4ZC
– Civil Guard 🇪🇸 (@guardiacivil) June 6, 2022
As the saying goes, “curiosity killed the cat.” When we call back, we are actually calling a premium rate number, of which the scammer takes a cut.
TrojanSMS
Just like informs the Internet Safety Officea new malware distribution campaign has been detected in Spain that aims to subscribe users to premium services and make premium-rate calls.
Hidden among greedy programs of difficult credibility such as applications to hack games, adult content websites or free streaming services is the TrojanSMS malware, which the company that has identified it (Avast) has called SMSFactory.
⚠️#ALERT‼️ Malware distribution campaign detected through malvertising (#malvertising) whose objective is to subscribe users to premium services and make premium rate calls. #Don’tPiques
ℹ️ More information 👇https://t.co/h9kedXPKPJ pic.twitter.com/DsjiXA98eQ
– Civil Guard 🇪🇸 (@guardiacivil) June 8, 2022
This is distributed through malicious advertising, present on advertising pages (malvertising), redirects the user to download an application through which, supposedly, they access that content and, once installed, it does not offer what was promised and hides its presence on the user’s device to go unnoticed.
This stealth ability is what makes it different from other recent TrojanSMS campaigns. In the background, the malware sends the user’s phone data, such as the model, number, carrier, or location, to a server.
