It’s been some time since we received deceptive phishing SMS to empty our bank accounts, but these days we have again seen a campaign that uses Santander’s name for malicious purposes, such as so common is since 2020. This has been the content of one of the versions we have received:

“An unauthorized device has connected to your online banking. If you do not recognize this access, check the following link: https://santander.auth-XXX-web.ru/”

This time, the attackers have taken care of the expression and punctuation, and return to using HTTPS to give the victim, if he associates it, that it is a more secure connection. This last point does not surprise us, since HTTPS has long ceased to mean that the website we visited was trustworthy.

What has caught our attention most about this SMS and another that we have seen mentioned on Twitter is the domain name .ru, from Russia. They may have come before, but in the cases we’ve reviewed on Genbeta recently we haven’t seen a .ru. We see the same thing in this SMS that @Armunho picked up on Twitter.

Lol, .ru, right now I click the link, Vladimir. pic.twitter.com/CyPFdYzt7F — Armuño (@Armunho) March 17, 2022

THEFT OF DATA AND UNSOLICITED PACKAGES WHAT IS BRUSHING

This is what happens if we enter





As usual, the recommendation is not to be alarmed when we receive an SMS like this, and not even click on the link. The important thing, experts always mention, is caution. What we can do is report your reception to the bank or entity whose name is being used as a fraud attempt.

Even if we want to open a link of these, It is not always easy, because browsers today have very well trained filters that usually warn us that we are facing something dangerous. But there are usually ways to still go all the way.

Other times, to do the simulation, we enter false data, and since the attackers’ system has no record of what our ID and password really are, it allows us to continue. However, on this occasion we have even tried with a DNI generator, and it has not accepted the data, arguing that the data entered is not valid.

Recently, in a scam that used Carrefour, we have even had to enter our card number, which would have meant authorizing practically any charge they wanted to charge us.