In recent weeks, we have seen how large companies have been hacked and their data compromised. Banco Santander, Iberdrola, Decathlon and Ticketmaster are some of them. With this data, cybercriminals now have a way to contact us and some of our personal information. According to the OCU (Organization of Consumers and Users), this type of Hacks usually anticipate massive scam attempts, where the identity of well-known companies is impersonated to obtain the client’s banking details and make charges at their expense.
The modus operandi of these online scams is very similar: taking advantage of the leak of the name, contact information and the user’s connection to the hacked company, the cybercriminal sends a false email (This is how it starts phishing) or a fake SMS (the smishing) posing as personnel from that same company. This communication encourages you to click on a link that pretends to be that of the official website with some important excuse, such as the detection of a security problem or the blocking of the bank account. Once inside the website, the victim will be asked for their bank details and passwords such as the only way to solve this supposed problem. These are the first two techniques.
The third of them is known as vishing and it is very similar, just change the channel. Instead of sending a fake email, the cybercriminal will call the victim posing as staff of the hacked company to ask for your bank details with similar excuses. There are cases in which impersonators are really well prepared and use perfectly elaborate language, with all kinds of technicalities and clarifications, which increases their chances of success. This elaborate technique is known as spoofing.
To avoid falling into them, the OCU recommends not opening emails or SMS from unknown origin. If we think we know who sent the email and we open it, do not open the link that it suggests. If in doubt, call the corresponding company directly and see if what the email states is true. If what you receive is a call asking for your banking information, know that it is fake, No company or bank asks for this information over the phone.. And finally, it is recommended to realize a “crowd bath” on the networks or what is the same: egosurfing. This is searching for ourselves on networks and seeing what information appears, in which networks we are tagged and by whom, to know if someone else may have information that we consider private.
When in doubt, it must be remembered that the European Banking Authority not only defines unauthorized payment transactions as fraudulent, but also those in which the payer was manipulated to accept a payment order. Furthermore, the Civil Code itself, in its article 1,265, considers that consent is void if given in error. But, as always, prevention is better.