This is a new form of banking phishing called "SMS spoofing".

What does it consist of? The hacker or cybercriminal hires the services of an internet provider (of course, abroad, so as not to leave a trace in the event of a complaint) which consists of replacing the numerical identifier of their SMS with an alphabetical identifier or "alias" identical to the one used by the bank. The "identity tracing" reaches such a point of perfection that the messaging applications of mobile phones themselves group the fraudulent message in the same thread of entries as the real SMS messages.

The SMS, pretending to be the bank and simulating the need to re-establish the connection with the online platform, to unblock the bank account, or using any other pretext, asks you to click on a link... Making such a click has a perverse consequence... Which one? Well, one of these two scenarios will occur:

• That a malware or malicious executable file is downloaded to the mobile device that will eventually take over the victim's user and password credentials, and may take control of it.
• Or that the victim is redirected to a "mirror website" that impersonates the bank's, from which they will be asked for the aforementioned security credentials.

Once you have your username and password credentials.... the hacker only has one step left to steal the money, which is none other than to get hold of the validation code that the bank requests to execute the transfer that has just been ordered, and which has been sent via SMS by the bank to the customer.  What will you do to achieve this?

Well, to put into action their clever social engineering techniques, difficult to detect by a large number of customers.

So, through a new SMS with a stolen identity, or why not, through a phone call from someone who pretends to be an employee of the bank (and who even uses the bank's authentic phone number; which is easy to get through web applications) it will ask the customer to give it that one-time validation code pretending that it is necessary to solve the problem. any type of technical incident. Once the one-time validation code has been successfully obtained by means of deception, the fraudster will order the transfer from the bank account and consummate the theft of the money.

At Palomar Abogados we want to insist that the Bank is responsible to the bank user for the refund of the amount stolen as established by the Banking Services Law and European regulations, since the bank customer cannot be held responsible for the security gaps presented by the online banking service unless they have acted with fraud or gross negligence in the custody of their security credentials.

We talked about it in an interview that Palomar Abogados recently held on CADENA SER, which we attach here

https://play.cadenaser.com/audio/1615804954_410827/

In fact, the Bank of Spain itself has had no choice but to warn about the massive use of this fraud with respect to bank users. We show you the press clipping that mentions it.

https://cincodias.elpais.com/cincodias/2022/01/12/economia/1641986243_945284.html

If you have been affected by this type of bank fraud, and the bank "drags your feet", contact our professionals immediately. We will offer you the legal assistance you need to recover the money. Take a step forward, and claim your money.

https://palomarabogados.es/contactar/