Close panel

Close panel

Close panel

Close panel

Phishing, vishing and smishing: what are they and how can you protect yourself?

Now that using a cell phone and computer has become an everyday part of life, it’s important to be aware of the different types of online threats.  Phishing, vishing and smishing are just a few of the online scams cybercriminals use to steal private data, but this can be avoided through information and preventative action.

Phishing

This is probably the method cybercriminals use the most. It involves sending fraudulent emails sending customers to a fake website that looks like their bank’s. This may also occur in Facebook with fake fan pages that post fraudulent content and request confidential information from users.

Phishing cybercriminals frequently use fake campaigns to update customer data, or ask customers to sign up for a sweepstakes that the bank is supposedly holding. Fraudulent websites request information like IDs, online banking passwords, credit card numbers, and even the security code, with which they can make online purchases unbeknownst to the customer.

The first line of defense against phishing is using common sense to not provide confidential information. If you are already a customer of the bank, the financial institution handles this information securely and would never send an email requesting this data. Banks never send emails like “you won a prize” or “unblock your account”. Finally, if you do click on the link, always check the URL of the website. It should have the icon of a lock before the name and start with “https”.

¿Cómo saber si un correo electrónico del banco es fraudulento?

Phishing cybercriminals frequently use fake campaigns to update customer data, or ask customers to sign up for a sweepstakes that the bank is supposedly holding.

Vishing

This term comes from the combination of two words: voice and phishing. It refers to the type of threat that involves a fraudulent phone call using information previously obtained online.

This method consists of two steps. First, the cybercriminal steals confidential information by email or on a fraudulent website (phishing), but needs the SMS password or digital token to carry out and validate an operation. This is when the second step takes place. The cybercriminal calls the customer on the phone, claiming to work for the bank. Using particularly alarming messages the cybercriminal tries to get the customer to reveal the SMS password or digital token needed to authorize transactions.

In these circumstances, a customer should never reveal this kind of information to anyone because they are the key to authorizing transactions. The customer should hang up immediately and contact their bank to report what happened. The bank will never contact customers to request sensitive and confidential information on passwords and pins.

It refers to the type of threat that involves a fraudulent phone call using information previously obtained online.

Smishing

Just as phone calls are a means to try to trick customers, so are messages on WhatsApp or text messages (SMS). This is where the method known as smishing get its name.

This threat takes place when the customer receives a text message supposedly from their bank saying that a suspicious purchase was made with his or her credit card. The text message asks the customer to contact their bank, and gives a fake phone number. The customer then returns the call and that’s when the cybercriminal, pretending to be the bank, requests confidential information to cancel the purchase. Sometimes the message also includes a link to a fraudulent website to request sensitive information.

The solution to smishing is to never pay attention to messages requesting data, a phone call or an operation. Pay close attention to suspicious phone numbers and remember that the only phone number for BBVA Continental’s telephone banking is 595-0000.

This threat takes place when the customer receives a text message supposedly from their bank saying that a suspicious purchase was made with his or her credit card.

There are also other threats like phishing, vishing and smishing that are not limited to digital channels, but can also appear when performing operations on ATMs or making a purchase, for instance. BBVA Continental’s website has a complete list of these threats and the best advice to avoid falling victim to scammers. Information and prevention, therein lies the solution.

Other interesting stories