As happened last year, when SMS on behalf of Correos, FedEx or DHL took over our phones to steal information or install malware, we have started 2022 with a very well done smishing campaign.
Many users are receiving today an SMS on your mobile from the BBVA bank or from Banco Santander They are aiming to steal customers’ banking information, from what we’ve checked so far. The SMS you can receive says:
BBVA: Your account has been temporarily suspended for security reasons, follow the link to verify your identity: https: //ra0.cc/05re? Bbva.es.
Colleagues of this writing have also received these text messages on their mobile and we have been able to verify that the interface is achieved (Although the URLs are not, they are very different than those of these banks could be).
Another aspect that makes it a well-prepared attack is that while last year similar messages arrived, but with a telephone sender like last year, now the sender is BBVA itself or Banco Santander itself.
Anyway, unlike other phishing attacks that are very obvious, here it would not be difficult to think that it is a real message and fall into the trap. In the cover photo, you can see what it looks like if you open the link of the SMS. Here you can see how is the web interface if you enter from your PC:
In the case of messages on behalf of Banco Santander, we find this:
Banco Santander: Your account has been temporarily suspended for security reasons, follow the link to verify your identity: “https://santander.seguridad-web-esp.xyz/4RwjPsoa2Ww9AGSUEitDTyk0ZZ/
When accessing the link (which is like the previous one) with an Android phone, you access this page:
While waiting to learn more about this, BBVA itself has alerted on Twitter that they are cybercriminals impersonating the company’s identity and they recall that BBVA you will not send SMS to your customers with links or asking for keys or personal data.
Cybercriminals are impersonating companies and sending fraudulent SMS. From BBVA we will not send you SMS with links, nor will we ask you for passwords or personal data. We recommend that you delete the message. All the best.
– BBVA (@bbva) January 3, 2022
Ransomware: what it is, how it infects and how to protect yourself
Other attacks in 2021 could be the origin of this
Last year 2021 was marked for a long list of attacks from the first day of the year to almost the last.
It is likely that these cybercriminals have obtained the telephones thanks to the Flubot fraud that thanks to this type of messages, already in March 2021 had obtained 1 out of every 4 telephone numbers of the citizens of Spain. Specifically, infected 60,000 phones and stolen more than 10 million numbers.
Another possibility is that these numbers originate from the hack of The Phone House that led to the dissemination of the personal data of more than one million customers of this telephone company, after not paying the ransom for the cyberattack suffered. In this link is the information to check if your number was part of this attack.