Policía Nacional has detected an elaborate form of bank fraud that combines the use of false SMS - which simulate to be sent by the victim's bank - and subsequent telephone calls from alleged employees of the entity to perfect the scam.
Secret codes and personal data should be kept private and never be shared!
Once the data is in their possession, the cybercriminals call their victims posing as employees of their entity. In some cases, the call may show a legitimate bank phone number, although it is actually a "mask" that hides the phone number from which the call is actually made. In this call they inform the victim that there are suspicious movements in their account. To resolve this situation and reverse the alleged fraudulent operations, they requests the electronic signature code with which it usually operates. While they speak, and to give more credibility to the deception, they can issue new SMS informed of the supposed steps they are taking or simulate that they are transferring the calls to other departments. With this elaborate process, criminals get full access to their victims' online banking and can make payments and transfers while maintaining communication with the scammed, from whom they request the necessary keys to authorize operations.
In case of doubt about the authenticity of the received call, hang up and call back the bank's contact number directly.
Source: