The summer period is one of the times when malicious campaigns are most widespread.
Recently, there have been numerous telephone phishing attacks, known as vishing , in which cybercriminals deceive their victims by using calls or voice messages disguised as communications, in which they impersonate their Entity. The purpose of the crime is usually the theft of personal or banking information and user credentials with the aim of committing fraud.
This type of fraud is proliferating in the sector and is complex because voice impersonation generates a lot of trust . If you are a client of one of the Grupo Caja Rural entities, it is very important that you are clear that your entity does not request private information from our clients about their digital banking via email or telephone. Remember:
Never respond to an email requesting your password to access Ruralvía or your signature key or other private key.
You should not provide bank details or private keys via SMS.
Do not give your data or private keys to people instagram data who call you on the phone, even if they pretend to be your bank branch.
We take your safety very seriously
In order to increase your knowledge regarding this type of campaign, we are providing you with a series of concepts and recommendations that will allow you to detect and respond to this type of threat.
Types of Vishing
vishing email and telephone answering mode
The most common modus operandi is sending emails requesting that users call a phone number that displays an answering machine asking them for confidential information.
Vishing email and phone call mode
The cybercriminal obtains confidential information through a fraudulent email or website , which is called a phishing attack, but needs some additional information that is required when Two-Factor Authentication is activated.
In this case, an SMS code or another type of key is needed to validate fraudulent online transactions, transfers or purchases. In this way, cybercriminals call the client by phone, identifying themselves as employees of the Entity and, after "giving them confidence" and alarming them in some way by arguing about urgency or risk, they will ask for the key they need.
Recommendations
attention iconBe suspicious if you receive a call from a known service that you are not expecting. Especially if you receive a call from a known service that requests urgent action, such as providing sensitive information.