June 3, 2023

The National Police has detected a new modality in telephone scam known as spoofing, a technique in which cyber scammers pose as a trusted sender to access their victims’ data.

Until now, the usual thing was for the false employee to verbally request the access codes to the telephone bank from the victim, however, in this new variant, the cybercriminal himself warns that for security reasons the password should not be verbalized to anyone and that the password must be dialed directly on the phone. After the deception, the fraudster captures the keystrokes in the terminal, controlling the secret keys from that moment on.

After gaining the trust of the victims, they request sensitive data

This fraud, known as spoofingconsists of the impersonation of the real telephone number of energy companies, banks or public institutions, which makes the scam almost undetectable.

Although the spoofing does not form a method of scam novel as such, specialists in the fight against cybercrime from the National Police have detected an improvement in the technique that makes it more difficult for victims to detect. In this sense, cybercriminals impersonate the real telephone number of energy companies, banks or public institutions, in such a way that if the victim checks who said number belongs to, they will see that, indeed, it is the company or entity to which scammers are impersonating.

Through the phone conversation, and whenever the phone number matches, they gain the trust of their victims by talking about account security issues. Next, they are instructed to dial the private banking access code on the keyboard of their mobile terminal, or a verification code, through a link sent at that very moment by sms.

Under the pretext and warning that -for security reasons- they should not speak the password to anyone, now they ask you to dial it directly from your keyboard. In the event that the victim falls for the scam, the scammers capture the keystrokes they type on their mobile and start to control their secret passwords.

Advice from the National Police to avoid being a victim of cybercriminals

  • Never provide personal or bank details without making sure that it is the company or entity in question. In addition, our bank, telephone company or utility company already has this data, therefore, they will never ask us for it.
  • Remember that no private company or public institution uses this method to request personal data from its
  • Never provide card information, identity documents, income statement, payroll, usernames, passwords and passwords.
  • Do not accept, in any case, the conditions offered in the same call or communication. Request that they send us the documentation for study or request that they make a second call so that we can make
  • Do not click on the links in the text messages they send us and, in the case of bank accounts, always access through the application provided by financial institutions, telephone companies or service companies.

Leave a Reply

Your email address will not be published. Required fields are marked *