In recent weeks, reports of money theft have intensified through a method called
Caller ID Spoofing
: criminals use the customer service number of banking institutions to gain the trust of users and obtain private information to make purchases, withdrawals or transfers from your accounts.
Mónica Hernández, Director of Information Security at Banco Sabadell, explains that, unfortunately, this type of illegal activity is common.
Question.
That the bank switch appears on the caller ID may, technically, be relatively easy to do, but how come they have such personal or confidential information about us?
Reply.
Today, getting data may be easier than many think, we can see this by just taking a look at what we publish on our social networks.
To fall for these frauds, sometimes it is enough for the criminals to have our name, email, job title, hobbies or names of family and friends in order to get involved in their conversation to finally achieve that we are the ones who provide them with the data what do you need.
The latter is a practice known as "vishing" (voice and
phishing
), which consists mainly of the use of telephone services to persuade someone to perform involuntary actions through deception.
Q.
How to avoid being a victim of this type of theft?
What is the key information, no matter how “legal” the call may seem, that we should never provide?
A.
It is best not to answer or immediately cut off any call that seems suspicious and to contact our bank immediately to confirm our movements.
It is important to remember that no banking institution will request data such as: user number, passwords, card security code and much less the PIN to withdraw money at ATMs.
Other recommendations to consider, if a call is suspected, would be not to answer any questions, especially those that only allow a "Yes" or "No" answer, and not to provide further personal information to these criminals.
Banks have opted for multiple campaigns that precisely give warning about these attacks.
Having this information can be the difference between keeping our accounts safe or suffering fraud.
Q.
In terms of cybersecurity, what are the most common fraud practices today?
A.
"Phishing", "vishing" and "smishing" are some of the frauds that have become very relevant in recent times, as they are the most used techniques for stealing personal information, access credentials to online services or Bank information.
These practices are based on the sending of
emails
, SMS messages or telephone calls impersonating a known service, person or company so that the victim accesses a fraudulent page that pretends to be the legitimate one, clicks on a malicious link or simply provide information from your own voice.
The purpose is the same: to trick people into entering or revealing all kinds of information so that the cybercriminal can take advantage of it.
To prevent being a victim of these practices, the advice is not to respond to any request for personal information (or sensitive data) received through the channels I mention.
We also recommend writing the web page we want to access directly in the search engine, and thus avoid clicking on the links or links that are sent to us through emails, as they could redirect us to false and / or fraudulent web pages.
Q.
Online
shopping
has exploded due to the pandemic, what are the main problems that you detect right now?
R.
In digital purchases, a greater problem can be observed in fraudulent websites, which pose as an
online
store
, with the process as we normally know, but without completing the purchase, since it is common that these sites do not exist and they just steal money from buyers.
Q.
As a consumer, what are the signs that should set off alarms when shopping online?
A.
We must ensure that we make our purchases from safe sites and authorized distributors.
Currently there are businesses that use social networks to make their sales, and that do not have verifications.
In these cases, as consumers, you need to do more research.
Checking comments or reviews on the internet is a great start to get to know the store and know if it is safe.
Another red flag is the bargain prices: if the discounts exceed 55%, it is very likely that you are in front of a false page, whose only objective is to steal your money or get your information.
Reviewing the contact options they offer you can be another indication: if they are limited or suspicious, you have to be careful, for example, if they only have one contact form to complete or the customer service email is a Yahoo or Gmail account and not a corporate account, there is more chance that it is a fraudulent company.
Q.
Many of us already carry out almost all of our transactions over the phone, what security recommendations do you propose to protect our wallets?
R.
We must return to the advice we have talked about, but it is also important to verify the network from which we connect and the authenticity of the sites we browse, always looking for the closed padlock next to the URL.
Here it will also be of value to make use of secure payment platforms such as PayPal, which guarantees the confidentiality of data when making transactions.
Q.
Has the home office increased the risk of cyber attacks on our bank accounts?
A.
Working from home can mean multiple risks, since being connected from different non-business networks or with low levels of protection, exposes us to possible data theft or information leaks, putting both employees and employees in a vulnerable situation. Business.
To do this, security solutions and protocols must be adopted that, based on basic actions, can make a difference.
For example, the ideal is that work information can only be managed from computer equipment and devices provided by the company to work at home.
It is also recommended to change passwords periodically and make them robust by combining numbers, special symbols, uppercase and lowercase letters to make it difficult for cybercriminals to break it.
Companies should invest in risk analysis to know what they are facing, what needs they will have to be protected and thus articulate a teleworking system that is as less vulnerable as possible.
What other tips could you give us to protect our bank accounts in digital times?
My advice is to lean on the digital tools that we have at our fingertips.
Today we are fortunate to have mobile banking, which gives us information on movements in real time, making it much easier to identify any suspicious transactions.
It is also important to maintain communication with our bank, to approach customer service for any questions or clarification, always from official channels.