CaixaBank targeted for phishing after its merger with Bankia

Due to the recent integration of clients and platforms derived from the merger of the CaixaBank and Bankia entities, new phishing campaigns have not been slow to emerge that are trying to take advantage of this opportunity to try to steal some fundamental data from users, such as their credentials for accessing online banking or their credit card details.

And it is that the scenario was postulated perfect since last weekend, when due to the integration of the computer system of the two merged entities, some of the services of their applications were not available for a few hours. Thus, despite the fact that both entities issued various notices to try to alleviate the latent threat, cybercriminals’ resources offer increasingly better-developed traps.

In less than a week, they have already seen each other different types of emails with similar subjects, in which users are urged to review the status of their account due, for example, to an alleged unauthorized access or a credit card blocking during this small “blackout”. Although once again, it did not take long to see that the purpose of these emails is none other than to redirect us to a provided and potentially malicious link.

The first thing that stands out in these two emails is that, although both senders refer to or CaixaBank, they undoubtedly have some rather dubious email addresses. On the other hand, it should be noted that both cases take a rather alarmist line, even in one of the cases to share some personal details such as our location, unusual practices of banking entities.

Similarly, we cannot help but notice the unprofessional style of both emails, in one case using oversized icons and unprofessional typography; and even incurring some misspellings or misspelled phrases (product of an unsuccessful attempt to use a tractor in line).

However, if for any reason we access the link, we will find landing pages very similar to the real ones, emulating all the elements of the entities’ websites. In fact, we can even see how cybercriminals have added a security HTTPS certificate to show a seemingly safe URL, with the lock icon. However, we must remember that this only implies that the communication between our device and the web is done in an encrypted way, and not necessarily that the web is secure.

Finally, another of the red flags once we continue browsing through this phishing action, is that it will begin to ask us for additional personal data, and even our credit card credentials. Data that should never be requested by our bank, and that under no circumstances should we share.

How to avoid being a victim of phishing

As always, we remind you that one of the best ways to avoid this type of deception is always through our own insight.

That said, in case of doubt, the first recommended action is always to review these assumptions ourselves, either through the mobile application or web platform of our bank, or in the case of fulfilling an assumption such as the one in this scenario. CaixaBank and Bankia, going directly to the nearest branch.

Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *