Security Why you should not open the links that come to you in a message
Bizum: This is how the Spanish PayPal for mobile phones works, which is sweeping our country
The cybersecurity company Panda Security has detected a new scam through Bizum, the platform for payments via mobile phone, in which criminals pose as Social Security officials and offer the return of fees for schooling in which even mention the number of children and their age to deceive the victims.
As Panda explains, this information is obtained through social engineering and publications on social networks.
In other words, unlike other attacks in which random people are attacked, in this case, specific victims are searched whose data they have previously obtained thanks to Twitter, Facebook, Instagram and Google searches.
The scam is carried out through Bizum, the application for making bank payments between people on the mobile contact list, and Panda indicates in a press release that they have detected "several people" who have been victims of it.
The deception consists in that an alleged official of the General Treasury of Social Security calls her victims to indicate that they have pending the return of some - nonexistent - fees for the schooling of their children and that it is a State aid before the Covid-19 crisis.
To make the deception more effective, the attacker talks for a few minutes with the victim to 'make sure' that he can receive the false help, then they send him a text message whose sender is TGSS (an acronym that matches those of the Treasury General Social Security).
In it appears a supposed validation code that they must sign.
In reality, the scammers use this code to associate the victim's credit card with a Bizum account from which they then send the money.
In other cases, the attackers request that a code that the victim has just received be sent to them as a way to verify their identity.
In this way, you can skip the two-step verification, since this password has been sent by the bank to your customer because a transaction or change has been attempted and it is necessary to enter that password to confirm it.
The victim, who would normally realize that something is happening because he has just received an SMS without expecting it, in this case thinks that it was the bank itself and does not read the rest of the message.
Panda Security's global consumer operations manager, Hervé Lambert, said that "the most worrying thing about this scam is that the organized gang of cybercriminals is using social engineering to make their deception almost perfect."
Society must be aware that everything published on social networks "is extremely valuable information for cybercriminals", so we must be "scrupulously cautious" when managing the privacy of our social profiles and devices, adds Lambert.
According to the criteria of The Trust Project
GadgetsAmazon launches Halo, a bracelet that listens to you and tells you if you are angry or fat
The tricks that Amazon uses to make you spend more money shopping
GadgetsXiaomi to launch a phone with the hidden camera under the screen in 2021
See links of interest
Santander League Standings
16th stage of the Tour de France, live: La Tour-du-Pin - Villard-de-Lans