Phishing is a scam attempt that takes advantage of the user's unconscious behavior to steal sensitive information. Most of these cyberattacks happen when you receive an email, in which the sender pretends to be a known company, financial institution, or public body.
The message uses an alarming tone or language that requires immediate action on your part, such as clicking on a link, updating data, or providing information to claim a reward, prevent an order from being returned, or an account or bank card from being blocked, etc. The important thing is to not act quickly and take a few minutes to analyze the content and the circumstances in which you received the message.
Here are some guidelines to identify if it is phishing. Be careful when:
- The message is addressed to you, but it is not personalized or it contains generic and vague data (name, e-mail address, mobile number, etc.);
- The tone of the message is alarming to make you act urgently;
- The wording of the message and some words sound strange, as if they were written by a foreigner or if it were the translation of a message into another language; or it even contains subtle spelling and grammatical errors which do not go unnoticed;
- The messages can also come from companies or organizations with which you have no connection;
- the sender's email address does not belong to that company or organization's Internet domain (although they sometimes manage to make it look quite similar);
- The messages include a hidden link to click that does not belong to the Internet domain of the company or organization.
Why do they know your email address?
It is simpler than you might think. In the world of cybercrime, there are groups that specialize in the mass collection of email addresses and confidential information for sale on the dark web. In many cases, this information comes from a breach of personal data, and, in other cases, hackers generate random email addresses by combining first names, last names, and email providers to send deceptive messages.
They can also obtain public data from social network user profiles or purchase lists of email addresses to use in their phishing campaigns.
How do they know that you are a client of that company or entity, or that you have a connection to that organization? Most of the time, they do not know, but are playing with probability. Almost all citizens are users of public bodies, customers of a bank, or of the main energy supply companies, etc. So, if they send you a message pretending to be one of them, they are very likely not wrong.
How to protect yourself from phishing?
When you receive an email, your email program has spam filters that block unwanted messages and users. However, it is possible that some phishing scams bypass your provider's anti-spam mechanisms and reach your inbox. In this case, you will have to be careful and be wary of the content:
- Verify the sender of the email: use a search engine to check that the address belongs to the official domain of the company or organization. In the case of BBVA, check that it matches one of these domains exactly: <@bbva.it>, <@pec.bbva.it> o <@email.bbva.it>.
- Check the website link: verify that the web address entered in the message begins with https://, and that it corresponds to the official domain of the company or organization.
- Do not download or install attached files or programs included in emails, unless you are absolutely certain that they come from a secure source.
- Do not provide your personal data or passwords when they are requested through e-mail or an SMS. Remember that BBVA will never ask you for your bank details through these channels.
- Do not follow the directions of the message if the tone is extremely alarming or forces you to make a decision in a short period. Contact the company by phone, app, etc. to check if it is a fraud.
If you receive an email with the characteristics described and suspect that it is phishing, you can move it to the Spam folder, so your email provider will receive a copy and can analyze it to protect other users.
Finally, if you suspect that you have received a phishing email, notify your bank as soon as possible, so that they can act quickly to close the fraudulent website.
Puoi anche notificarlo pubblicamente tramite il sito https://www.commissariatodips.it/ o di persona presso il commissariato di Polizia più vicino, consultabile nella lista dei Punti di Interesse degli Uffici di Polizia (Questure e Commissariati).
What to do after a phishing attack?
If you have been a victim of phishing, we advise you to act immediately by following these guidelines:
- Report the problem to your bank. The main banking institutions and bodies have specific channels for reporting these cases with pertinent instructions. They will ask you for the phishing email you received, specifying the type of information that you provided, and will tell you what to do.
- Change your passwords: if you have provided passwords, a card PIN, access codes, etc. modify them as soon as possible.
- Run a virus scan: if you installed software, uninstall it and use an antivirus to eliminate any malware left on your computer. Do the same with the files you downloaded.
Request your physical or virtual BBVA Debit Card with a Dynamic CVV at no cost by opening the BBVA Online Account.
You might be interested
-
The main objective of a cyber attack is the financial benefit. To achieve this, there are different types of attacks aimed at stealing the confidential information of individuals and companies.
-
BBVA uses a Secure Password system to guarantee the security of your transactions.
-
Around Black Friday, the shopping rush starts due to unbeatable offers. Here are some tips for shopping online safely and avoiding scams.