There are so many kinds of cheating and identity theft (by email, calls, SMS…), that trying not to be scammed is like going through a minefield every day, trying not to explode. Some may hope that, in the event that we suffer these criminal practices in our flesh, our bank will be the main ally, but this is not always the case.
Imagine that you they steal 29,000 euros with charges to your credit cards and that the only initial solution from your bank is to send you a “more secure” card. That has been the story of Julián Nieves Tabares.
SMS smishing victim
The affected received last April a sms text message on his mobile phone in which, posing as BBVA, he was notified that his account had been temporarily suspended for security reasons. To validate his identity, she had to follow a link. Indeed, it was a case of smishing (phishing via SMS).
One of the common practices of scammers and cybercriminals is impersonate a trusted brand so that you trust them and they can play it for you. In the case of banking entities, if you bite, it is even easier to steal your payment details.
When Julián Nieves clicked on the link in the SMS, he was redirected to a website that looked identical to that of BBVA, only it was false. Here he entered his name, surnames and passwords, along with a message stating that he would receive in his email account the new information necessary to operate again with his apparently already unlocked account.
The bank solution is amazing
It didn’t take long for the victim to start seeing unauthorized charges. Specifically, 39 unauthorized operations in different businesses that occurred from April 26 to May 4. Upon reviewing her account on May 6, she saw that she was being scammed and contacted her bank.
The BBVA Customer Service attended Julián and, once the case had been exposed, in which charges had already been made for a value of 28,802.35 euros, they simply offered Julián that they would send him a new card “with a number more secure”, without addressing the problem of fraud and lost money.
Fortunately, this story had a happy ending thanks to FACUA, the organization for the defense of consumer rightswho demanded from BBVA Julián’s right to recover his money in accordance with article 36 of Royal Decree-Law 19/2018, of November 23, on payment services and other urgent measures: “Payment transactions will be considered authorized when the payer has given consent for their execution.”
That same Royal Decree also establishes that banks are required to implement double authentication, which did not happen in the aforementioned charges. Finally, the financial entity returned to the affected all the lost money due to these fraudulent charges.