Today a new season begins, summer has come and holidays are already in our minds. I’ve been thinking whether to go somewhere or stay here hoping to have good weather to go to the surrounding beaches, because now is not a good time with the crisis and all this stuff.
Well, I’ve made up my mind and I’m going to travel around the world, that’s it. I know that I’ve just said that I couldn’t go anywhere, but it seems that I’m lucky woman. Now, you’ll see why…
Having a look at my inbox I’ve seen that between Thursday and Saturday I’ve received five emails from different Spanish banking entities, 2 of them sent by the Banco de España and 3 by the BBVA, informing me of several transfers that have been made to my bank account. I’ve got enough money to organize a great trip, as all the transfers come to nearly €10,000.
Well, what I found remarkable was that I’ve received the money from unknown people, someone called Severiano Perea, Nohemi Cornejo or Ernesta Aguilera, and sincerely I don’t know who they are, and how they’ve got my account number. Is is possible that so many people made a mistake?
Besides, I thought that when somebody made a transfer to your account, the banking entity didn’t send you any notification via email, andi t was you the one who had to look it up by updating your account or through the online banking service. However, here I’m given an ID and I have to access a website that has nothing to do with the affected banks.
This sounds rather suspicious, so I’m not going to act on impulse and I’m going to appeal to the common sense. There must be something fishy going on here.
These are some examples of the messages I’ve received:
Actually, they are fraudulent emails which try to pass themselves off as the real banks in order to deceive users.
Regarding the Banco de España messages, the link redirects you to a website imitating the banking entity from which a malicious file is downloaded. This file belongs to a Banker malware, concretely, SinowalXBY.
Regarding the BBVA messages, they are phishing cases, as the link redirects you to a very similar website to the original one, in which you are required more data than usual to log in.
Both banking entities are informed of this phishing emails and warn their customers of this in their websites.
As usual in these cases you must take precautions and mustn’t trust this type of messages. And if in doubt, contact your bank to make sure if it’s a phishing.
Panda Security specializes in the development of endpoint security products and is part of the WatchGuard portfolio of IT security solutions. Initially focused on the development of antivirus software, the company has since expanded its line of business to advanced cyber-security services with technology for preventing cyber-crime.
