Is this my bank? When criminals impersonate using fake apps
It is increasingly common to receive attacks from fraudsters who impersonate banking institutions, the aim of which is to first obtain our passwords and then to gain access to our assets. However, the increase in these attacks has reinforced the efforts of bank security teams and police forces, both in terms of prevention and awareness, making it increasingly difficult for cybercriminals.
The most common method is still the sending of an SMS ('smishing') or an email ('phishing') informing us of some kind of alert and attaching a link to regularize the supposedly anomalous situation, either by downloading an application or making us believe that we will go to the bank's website.
In both cases, we should avoid clicking on the links in these messages. Remember that BBVA will never send you links via SMS, nor will it ask you for passwords or personal data.
With downloads, there is the added problem of installing malware on our device that falsifies the BBVA app. In this type of situation, the aim is to obtain our user name, password or even the confirmation code to authorize transactions from our accounts to those of the cybercriminals.
In this sense, during June, some BBVA Spain customers received a 'smishing' campaign launched by cybercriminals with the following message:
After clicking on the link, the user was presented with a screen for stealing their login details, very similar to the official BBVA screen, and was then offered to download a supposedly legitimate application called BBVA Protect or BBVA Lock.
Should you ever receive such a message, please remember that there is only one official BBVA app and that is the one that can be found on the official download pages or apps (Google Play and Apple Store). BBVA will never send you direct app download links.
To prevent these situations, it is best to remember a few simple tips:
- Use official download stores when installing applications.
- Avoid downloading applications through links included in e-mails, SMS or from instant messaging applications.
- Verify in the Applications section, within the Settings section of your device, that all applications are known and that you remember having installed them.
- Make sure that your device's software is always updated to the latest version.
- If there are applications that you have not used for a long time or are obsolete, it is best to uninstall them.
And if you suspect or believe that you have been a victim of these attacks, it is very important to report the incident to the police, as this is the only way to fight against cybercrime. In addition, it is important to notify the bank using legal means to block the account, its access, card etc., by directly dialing the bank's number (900 102 801, in the case of BBVA Spain customers) or by typing the bank's web page directly into the browser.