Since 2020 we have been suffering mobile phishing campaigns through SMS scams like no one can remember. At this point in 2022, they already come in all colors. In recent months we have described what the bank-themed ones looked like, affecting BBVA, Santander or CaixaBank. This weekend we received several versions of a fraudulent message impersonating the last of these banks. This is what we received in our SMS app:

CaixaBank: Your account has been suspended. The account will remain limited until you approve your information and will be reactivated from: [URL]

As always, in addition to the misspellings (the comma instead of the period, the capital letter after the comma, the lack of accent marks, etc.), it is easy to tell that this is a message with malicious intent, for several reasons. First, the phone on which we opened it, a Google Pixel 4a, indicated that we were dealing with “possible spam”. Second, the link was suspicious, and opening it in the browser confirmed the suspicion with this image:

Even so, I wanted to see what was behind it this time, and after seeing that the domain was “rankuke”, I went in to see what surprise awaited me on the phone. Let’s see how it went.

If you are careless, they will even ask you for your house keys

The three states in which we saw the CaixaBank website after entering false data.

On opening the link, ignoring Google Chrome’s recommendations, the first thing we came across was a “Secure Access to CaixaBankNow” website. In this respect it is very credible, since there are no pixelated logos or misspellings, although the URL should make anyone suspicious.

In our case, we wanted to know what was behind this, what the website did once it had our data. And, surprise, it was not just about getting our CaixaBank username (DNI) and password. Once we entered our fake credentials, the website did not warn us that the ID did not exist or that the password was wrong, because it has nothing to compare them with, and because what it wants is for us to reach the end.

In addition to knowing how much money we have in our account, the attackers want to empty it, for which they ask for our card number.

Thus we arrive at the second screen, the one in the center of the screenshot. Incredibly, they have emulated the CaixaBank identity confirmation website, which gives it much more credibility for people who are not very aware of these scams. Even so, since we are not making any purchase online or with a card, it makes no sense to ask us to “Confirm the operation through the CaixaBank Sign application”, because beyond the authentication of the first step, there is nothing more to confirm at that moment.

And we come to the key point and the end of the experiment. After we did nothing, the website reloaded and, magically, CaixaBank had verified me and, to continue, asked me for my debit card details, with the expiration date and the CVV code. It is likely that if I had entered four false digits, it would have ended up asking for the entire card. In the end, that is what they are after in order to empty our account: to be able to check what we have, and to have all the data needed to charge us whatever amount they want.
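The signal that gave this message away, a text that names the bank while its link points to an unrelated domain, can be checked mechanically. The following is an added example, not part of the original article: the allowlist of official domains is an assumption to verify against each bank, and the link in the sample SMS is a constructed placeholder, since the article only gives the domain name “rankuke”.

```python
import re
from urllib.parse import urlsplit

# Assumed allowlist of official domains per brand; verify against each bank's own site.
BRAND_DOMAINS = {
    "caixabank": {"caixabank.es", "caixabank.com"},
    "bbva": {"bbva.es", "bbva.com"},
    "santander": {"bancosantander.es", "santander.com"},
}

# Matches explicit http(s) links and bare "host.tld/path" links, both common in SMS.
TOKEN_RE = re.compile(r"https?://\S+|\b(?:[a-z0-9-]+\.)+[a-z]{2,}(?:/\S*)?", re.I)

def link_hosts(text):
    """Return the hostname the browser would actually contact for each link."""
    hosts = []
    for token in TOKEN_RE.findall(text):
        url = token if "://" in token else "http://" + token
        try:
            # urlsplit drops any "user@" prefix, so "bank.es@evil.tld" yields evil.tld.
            host = urlsplit(url.rstrip(".,;)")).hostname
        except ValueError:
            continue
        if host:
            hosts.append(host.lower().rstrip("."))
    return hosts

def is_official(host, domains):
    """True only for an official domain or a subdomain of one (suffix match on a dot)."""
    return any(host == d or host.endswith("." + d) for d in domains)

def triage(sms):
    """Return (brand, host) pairs where the SMS names a brand but links elsewhere."""
    findings = []
    text = sms.lower()
    hosts = link_hosts(sms)
    for brand, domains in BRAND_DOMAINS.items():
        if brand in text:
            findings += [(brand, h) for h in hosts if not is_official(h, domains)]
    return findings

# Message text from the article; the URL is a constructed placeholder.
SMS_FROM_PAGE = ("CaixaBank: Your account has been suspended. The account will "
                 "remain limited until you approve your information and will be "
                 "reactivated from: https://rankuke.example/caixa")

if __name__ == "__main__":
    print(triage(SMS_FROM_PAGE))
```

The suffix match on a leading dot is what keeps a lookalike such as a bank name used as a subdomain of another domain from passing as official.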