CaixaBank, phishing target after its merger with Bankia


caixabank phishing fusion bankia 1000×600.jpg

Due to the recent integration of clients and derivative platforms of the merger of the CaixaBank and Bankia entities, new phishing campaigns were quick to emerge that attempt to take this opportunity to attempt to steal certain fundamental data from users, such as their credentials to access online banking or their card details. credit.

And it is that the scenario was postulated perfect since last weekend, when due to the integration of the computer system of the two merged entities, some of the services of their applications were not available for a few hours. Thus, despite the fact that the two entities have issued various notices in an attempt to mitigate the latent threat, the resources of cybercriminals offer increasingly developed traps.

In less than a week, they have already seen each other different types of emails with similar subjects, in which users are invited to check the status of their account due, for example, to an alleged unauthorized access or a bank card blocking during this little “blackout”. Although again, it didn’t take long to see that the purpose of these emails is none other than to redirect us to a provided and potentially malicious link.

Phishing from CaixaBank

The first thing that emerges from these two emails is that although both senders refer to or CaixaBank, they undoubtedly have rather dubious email addresses. On the other hand, it should be noted that both cases take a rather alarmist line, even in one of the cases to share certain personal information such as our location, unusual practices of banking entities.

Likewise, one cannot help but notice the unprofessional style of the two emails, in one case using oversized icons and unprofessional typography; and even incur some spelling mistakes or misspelled sentences (product of an unsuccessful attempt to use a tractor in-line).

Phishing from CaixaBank

Phishing from CaixaBank

However, if for some reason we access the link, we will find landing pages very similar to the real ones, emulating all elements of entity websites. In fact, we can even see how the cybercriminals added an HTTPS security certificate to show a seemingly safe URL, with the lock icon on it. However, we must remember that this only implies that the communication between our device and the web is done in an encrypted way, and not necessarily that the web is secure.

Finally, another red flag once we continue to go through this phishing action is that it will start asking us for additional personal data, and even our credit card credentials. Data that should never be requested by our bank, and which we must not share in any way.

How to avoid being a victim of phishing

As always, we remind you that one of the best ways to avoid this type of deception is always to our own insight.

That said, when in doubt, the first recommended action is always to review these assumptions ourselves, either through the mobile application or our bank’s web platform, or in the event of the realization of such an assumption. than that of this scenario. CaixaBank and Bankia, by going directly to the nearest branch.


Comments are closed.