Cybersecurity

Fraud attempts are increasingly common. Find out what types of fraud are most commonly used, what recommendations you should take into account, and how to act if you suspect fraud.

Smishing

Smishing is a type of fraud that uses text messages via SMS or WhatsApp to deceive people.

How does it work? Criminals send fake messages that appear to come from trusted companies or institutions, such as banks or delivery services, to steal personal information, passwords, or money. The goal is to trick the victim into clicking on a link/attachment or responding with confidential data, allowing access to their accounts or the installation of malware on the victim's devices.

How do I avoid these attacks? Never click on suspicious links or attachments. Always verify the sender of the communication.

Voice hacking

Voice hacking is a newer type of fraud that uses technology (artificial intelligence) to imitate or clone a person's voice.

The goal is to use this cloned voice to trick family, friends, or coworkers into believing they are speaking to the real person. They then contact victims and request urgent money transfers, personal data, or access to bank accounts. It is a very dangerous method as it becomes difficult to distinguish between a real voice and a fake one.

How do I avoid these attacks? Be suspicious of unusual contacts and requests. These contacts always happen through other numbers and it is preferable to contact the person using the number you know.

Card cloning

This method of fraud involves physically copying card data and transferring it to a new, blank card - the clone card. This is a very sophisticated process that involves face-to-face action and is then used to make purchases online or in physical stores.

It's important to always check payment terminals and ATMs and monitor your accounts to identify transactions that may be suspicious.

Phishing

Phishing is an online fraud technique that uses emails to deceive victims.

How does it work? Criminals pose as legitimate entities, such as banks, public authorities like the police, streaming services, or social media platforms, to steal personal and confidential data. They create a sense of urgency or threat so that the victim clicks on a malicious link or enters their login details, passwords, and credit card information on a fake website. 

How to avoid this? Be wary of any unusual or urgent requests. If in doubt, contact the official authorities using the phone number available on their official website. 

Online shopping

Online fraud is a constant threat and affects multiple victims at once. Criminals use tools like fake Google Ads or legitimate-looking e-commerce sites to lure victims. This is a massive scam that exploits public trust in popular platforms to steal money or data. 

It is important that:

- You remain suspicious of big promotions with expiration dates: Example: 'Last chance! Last hours to take advantage of the 70% discount!'
- Always check the URL of the pages: Addresses usually start with ''https://''
- Look for page reviews: Even if everything seems legitimate, if you don't have experience with the page, look for reviews from other customers.

 

The impact of AI on fraud

While Artificial Intelligence has positive aspects, we must bear in mind that it is something that is constantly learning, and therefore, we must always question its results.

AI works for both good and bad and its development allows frauds to become increasingly sophisticated and difficult to detect. With the ability to clone voices, create deepfakes (fake videos) and produce error-free texts for emails/SMS, it is essential to be more attentive than ever to even the smallest details.

How should I act in case of suspicion?

Please contact your BBVA Manager or the BBVA Net and Cards Line immediately on 800 208 208 (+351 213 911 411 from abroad). The speed of this contact is essential.

Protection starts with you.

Do not share personal information: Never give out passwords, debit or credit card numbers, security codes, or two-factor authentication (2FA) codes. Remember that BBVA never requests this data.

 

Attention when using 2FA authentication: This model adds an extra layer of protection. Instead of using just a password, this authentication requires a second (single-use) code that is usually sent via SMS or generated in an app. Never share it.

 

Create strong passwords: Don't take any risks, use complex and unique passwords for each account. Combine letters, numbers and upper/lower case.

 

Monitor your accounts: Check your bank statements and card bills regularly. This way you can identify if there are any suspicious transactions and act quickly. 

 

Attention to urgent communications: a sense of urgency is a common fraud tactic. Be suspicious of urgent requests such as data updates, transfer requests, etc.

 

 

Keep your software and applications up to date whenever possible: Ensure your operating system, antivirus, and applications are always up to date to address security vulnerabilities.
 

Use public Wi-Fi networks sparingly: Unsecured Wi-Fi networks can be easily intercepted by criminals. When connecting to these public networks, avoid accessing accounts or performing banking transactions. Try to use the mobile data network (3G, 4G and 5G).

 

Pay attention to your home Wi-Fi network: Your Wi-Fi network is not immune to danger. Do not use identifying names (e.g., first names) and create a strong, complex password.

 

Be careful when downloading apps: Make sure that when downloading a new application you do so from the official stores. Always check other user reviews before downloading.

Payment details: Before confirming a transaction, always check that the details displayed are correct.
 

Always check payment terminals and ATMs: Before inserting/using a bank card, examine the device. These devices can be tampered with with new keyboards, the addition of hidden cameras, or dual card readers. 

 

Never lose sight of your card: When paying, always have your card in sight and never give it to any employee.

 

Never share your card PIN with third parties: This number is yours alone. Never share it. If possible, change it from time to time.

Shop on secure websites: Before entering your card details to make a payment, make sure the website you are on is trustworthy. Safe addresses start with ''https://''. Use well-known shops with a good reputation. Otherwise, always look for reviews from other customers.

Fraud in companies is common and can be avoided:
 

Increase internal control: Establish systems of separation of duties so that a financial transaction does not depend on just one person. 
 

Regular audits: This ensures that there are periodic reviews of the company's finances and allows for the identification of irregularities or vulnerabilities in the company's system.
 

Technology: Make sure you use a good security system and that all software is up to date. For extra security, implement two-factor authentication (2FA) for company employee accounts.
 

Beware of suspicious orders: You should never share data or make transfers outside of the usual protocols.
 

Online shopping security: Use trusted platforms that include fraud prevention systems. 

 

How should I act in case of suspicion?

Immediately contact your BBVA Manager or the BBVA Net and Cards Line 800 208 208 (+351 213 911 411 from abroad). The speed of this contact is essential.