-
Most common scams
-
Recommendations to take into account
Smishing
Smishing is a type of fraud that uses text messages via SMS or WhatsApp to deceive people.
How does it work? Criminals send fake messages that appear to come from trusted companies or institutions, such as banks or delivery services, to steal personal information, passwords, or money. The goal is to trick the victim into clicking on a link/attachment or responding with confidential data, allowing access to their accounts or the installation of malware on the victim's devices.
How do I avoid these attacks? In any situation, click on suspicious links or attachments. Never forget to verify the sender of the communication.
Voice hacking
Voice hacking is a newer type of fraud that uses technology (artificial intelligence) to imitate or clone a person's voice.
The goal is to use this cloned voice to trick family, friends, or coworkers into believing they are speaking to the real person. They then contact victims and request urgent money transfers, personal data, or access to bank accounts. It is a very dangerous method as it becomes difficult to distinguish between a real and a fake voice.
How do I avoid these attacks? Be suspicious of unusual contacts and requests. These contacts always happen through other numbers and it is preferable to contact the person using the number you know.
Card cloning
This fraud method involves physically copying card data and transferring it to a new, blank card - the clone card. This is a very sophisticated process that involves face-to-face action and is then used to make purchases online or in physical stores.
It's important to always check payment terminals and ATMs and monitor your accounts to identify transactions that may be suspicious.
Phishing
Phishing is an online fraud technique that uses emails to deceive victims.
Criminals pose as legitimate entities, such as banks, public authorities like the police, streaming services, or social media platforms, to steal personal and confidential data. They create a sense of urgency or threat so that the victim clicks on a malicious link or enters their login details, passwords, and credit card information on a fake website.
How to avoid this? Be wary of any unusual or urgent requests. If in doubt, contact the official authorities using the phone number available on their official website.
Online shopping
Online fraud is a constant threat and affects multiple victims at once. Criminals use tools like fake Google Ads ads or legitimate-looking e-commerce sites to lure victims. This is a massive scam that exploits public trust in popular platforms to steal money or data.
It is important that:
- Be suspicious of big promotions with expiration dates: Example: ''last chance! Last hours to take advantage of the 70% discount''.
- Always check the URL of the pages: Addresses usually start with ''https://'' - Look for page reviews: Even if everything seems legitimate, if you don't have experience with the page, look for reviews from other customers.
The impact of AI on fraud
Artificial Intelligence has positive aspects, however, we must bear in mind that it is something that is constantly learning, and therefore, we must always question its results.
AI works for both good and bad, and as it develops, fraud becomes increasingly sophisticated and difficult to detect. With the ability to clone voices, create deepfakes (fake videos), and produce error-free email/text messages, it's crucial to be more attentive than ever and pay attention to even the smallest details.
How should I act in case of suspicion?
Protection starts with you.
Recommendations to take into account
Do not share personal information: Never give out passwords, debit or credit card numbers, security codes, or two-factor authentication (2FA) codes. Remember that BBVA never requests this data.
Attention when using 2FA authentication: This model is an extra protection. Instead of using just a password, this authentication requires a second (single-use) code that is usually sent via SMS or generated in an app. Never share it.
Create strong passwords: Don't take any risks, use complex and unique passwords for each account. Combine letters, numbers and upper/lower case.
Monitor your accounts: Check your bank statements and card bills regularly. This way you can identify if there are any suspicious transactions and act quickly.
Attention to urgent communications: The sense of urgency is a common fraud tactic. Be suspicious of urgent requests such as data updates, transfer requests, etc.
Device and network security
Keep your software and applications up to date whenever possible: Ensure your operating system, antivirus, and applications are always up to date to address security vulnerabilities.
Use public Wi-Fi networks sparingly: Unsecured Wi-Fi networks can be easily intercepted by criminals. When connecting to these public networks, avoid accessing accounts or performing banking transactions. Prefer to use the mobile data network (3G, 4G and 5G).
Pay attention to your home Wi-Fi network: Your Wi-Fi network is not immune to danger. Do not use identifying names (e.g., first names) and create a strong, complex password.
Be careful when downloading apps: Make sure that when downloading a new application you do so from the official stores. Always check other user reviews before downloading.
Care with cards and online purchases
Payment details: Before validating a transaction, always confirm that the details presented are correct.
Always check payment terminals and ATMs: Before inserting/using a bank card, examine the device. These devices can be tampered with with new keyboards, the addition of hidden cameras, or dual card readers.
Never lose sight of your card: When paying, always have your card in sight and never give it to any employee.
Never share your card PIN with third parties: This number is yours alone. Never share it. If possible, change it from time to time.
Buy from secure sites: Before entering your card details to make a payment, make sure the website you are on is trustworthy. Secure addresses start with ''https://''. In addition, give preference to well-known stores with a good reputation. Otherwise, always look for reviews from other customers.
Advice for companies
Fraud in companies is common and can be avoided:
Increase internal control: Establish systems of separation of duties so that a financial transaction does not depend on just one person.
Regular authorships: This ensures that there are periodic reviews of the company's finances and allows the identification of irregularities or vulnerabilities in the company's system.
Technology: Make sure you use a good security system and that all software is up to date. For extra security, implement two-factor authentication (2FA) for company employee accounts.
Beware of suspicious orders: You should never share data or make transfers outside of the usual protocols.
Online shopping security: Use trusted platforms that include fraud prevention systems.