A new case of identity theft via SMS has put the focus on Barcelona after a campaign was detected that uses ING's image to try to steal passwords and personal data from clients. The fraud relies on a message that reaches the victim's mobile phone and is displayed in the same inbox where other real notifications from the entity appear, which reinforces the appearance of authenticity.
The fraudulent notice warns of a supposed access to the bank account and urges the user to verify their identity through a link. The SMS text is clear and seeks to generate immediate alarm. "someone has tried to enter your account. If it wasn't you, verify your identity".
A fraud based on pressure and urgency
The technique used in this case is phishing, a type of scam in which cybercriminals impersonate the identity of banks or companies to make the victim believe they have a pending problem and push them to provide sensitive information.
In this case, criminals seek to obtain data such as the DNI, the address, the card number or even the email password. With that information, they can take one more step and operate on the victim's bank accounts.
Once they obtain that data, the perpetrators of the fraud take advantage to empty the current account through transfers sent to accounts controlled by them. The latest known case of this identity theft affects the digital bank ING.
What the experts recommend
Cybersecurity specialists insist on being wary of any message that demands urgent action or within a limited timeframe. Pressure, they recall, is one of the main warning signs in this type of scams.
In case of any doubt, the recommendation is not to click the link included in the SMS and to call the official phone number of the bank directly to check if there really is an incident in the account.
If the victim has already provided information or believes they have fallen for the scam, it is advisable to immediately block all current accounts and cards, both credit and debit. It is also advised to change passwords and report what happened to the banking entity and the Mossos d'Esquadra to record the fraud and try to limit its effects.