Social engineering techniques take advantage of human vulnerability to trick victims into divulging private information or giving access to their money, bank accounts, etc. Generally, they rely on impersonation (identity theft), and no one is safe from having their identity stolen.
On this occasion, the attackers create a sense of urgency in the customer of an online bank who, fearing the loss of the use of their card, ends up sharing their private credentials.
New wave of bank phishing emails
The Internet User Security Office warns of a new phishing campaign that impersonates the digital bank Wizink. The emails tell the recipient that they must update their personal data if they do not want their account and card to be blocked.
“Dear Wizink customer,
We inform you that you will not be able to use your credit card from [date]. You must verify that your security system is activated. The account will work normally once you have confirmed your personal information and credit card [number]. Check the status of your account and update it by clicking the button below”.
As the transcript of the message shows, it contains no spelling mistakes, which are usually one of the main signs that an email is fraudulent and hides an impersonation attempt. A more telling sign is the sender’s email address, which in this case is an odd combination of numbers and letters that cannot be mistaken for a Wizink address.
If you click on the link, which can happen given the sense of urgency the email conveys and the fear of losing the use of your credit card, you land on a quite convincing recreation of the bank's official website, which even adds some sense of legitimacy because its address starts with https. HTTPS only shows that the connection is encrypted, not that the site belongs to the bank.
What to do if you’ve clicked
As a general rule, be wary of alarming messages that have an urgent tone or contain misspellings or grammatical errors. If you receive one, never respond to it or click on the links it contains.
In general, it is advisable to carefully review any link you receive and check whether it includes strange words or characters. When in doubt, never open it; use official channels such as your online banking to check whether there is any alert. If the link is shortened and you cannot tell whether it is legitimate, you can use services like Unshorten, which reveal the real link hidden behind Bitly or similar shorteners.
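The sender and link checks described above can be written out as a small triage function. This is an added example, not code from the original article: `bank.example` is a placeholder for the bank's real domain, and the shortener list, urgency pattern and sample message are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

# Assumptions: bank.example is a placeholder for the bank's real domain;
# the shortener list and urgency pattern are illustrative, not exhaustive.
BRAND_DOMAIN = "bank.example"
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co"}
URGENCY = re.compile(r"\b(blocked|will not be able|immediately)\b", re.I)

# Constructed sample message, modelled on the email quoted above.
SAMPLE = """\
From: "Wizink" <x7k29qz@mail-4821.example.net>
Subject: Update your account

Dear Wizink customer, you will not be able to use your credit card.
Check your account: https://bank.example.secure-login.example.net/update
Short link: https://bit.ly/xxxx
"""

def host_matches(host, domain):
    """True only if host is the domain itself or one of its subdomains."""
    host = host.lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def triage(raw, brand="Wizink", domain=BRAND_DOMAIN):
    """Return a list of warning signs found in a raw plain-text email."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    body = msg.get_payload()
    findings = []
    # Display name claims the brand, but the address is on another domain.
    if brand.lower() in display.lower() and not host_matches(addr.rpartition("@")[2], domain):
        findings.append("sender-domain-mismatch")
    for url in re.findall(r"https?://[^\s\"'<>]+", body):
        host = urlsplit(url).hostname or ""
        if host in SHORTENERS:
            findings.append("shortened-link")        # real target is hidden
        elif not host_matches(host, domain):
            findings.append("link-domain-mismatch")  # https does not change this
    if URGENCY.search(body):
        findings.append("urgency-language")
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```

The first link in the sample begins with the bank's name but belongs to a different registered domain, which is why the check compares the end of the hostname rather than searching for the brand anywhere in it.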
If, unfortunately, you have already fallen for a scam of this type, follow these steps, also according to the National Institute of Cybersecurity:
- Contact your bank immediately to report what has happened and cancel any transactions that may have been made.
- If you have also provided personal data, such as your phone number or email, stay alert and check that you are not targeted by another type of fraud through those channels and that no one is impersonating you.
- You can also report this situation to the State Security Forces and Corps (FCSE).