RCS: BBVA’s shield against smishing

The RCS system evolves SMS by including a logo and verification badge, guaranteeing that the sender is real. If you receive a message without these visual elements, do not trust it. BBVA never sends links or asks for data via SMS; when in doubt, always use our official app.

Malicious SMS: how the RCS system helps combat fraud

Malicious SMS, or smishing, has become one of the most common and dangerous forms of fraud because it arrives through a channel that many people trust. To strengthen security, technologies like RCS (Rich Communication Services), an evolution of traditional SMS, make it possible to identify messages that come from channels verified by the provider, and make impersonation more difficult by making the sender easier to identify.

How can we detect these types of messages?

Detecting a malicious SMS is not always easy and it is becoming increasingly complicated. One of the main reasons is the use of artificial intelligence, which allows cybercriminals to create messages that are more natural, better written, personalized, and much more credible than before.

There are still some signs that can help you identify this type of fraud:

  • Urgency: extreme time pressure (“act now,” “your account will be blocked”).
  • Unusual requests: requests for information that the institution would never ask for by message.
  • Contact inconsistencies: phone number different from the usual one.
  • Lack of personal context: they do not mention specific details of your account; they only mention details that may have been publicly leaked or obtained by third parties.
  • Suspicious links or phone numbers: requests to click on links or call a phone number.
  • Request for data or money: any request for transfers, codes, or credentials.

If you receive a suspicious message, the most important thing is not to click on links, call the phone number provided, or download files. Remember that messages sent by BBVA do not contain links, and BBVA will never ask you via SMS to call a phone number if you do not recognize a banking transaction. Verify through other means and official BBVA channels, such as the app, the website, or by calling your advisor. It is also advisable to delete the message and block or report the number to reduce the risk of receiving further fraud attempts.

RCS: The future of secure messaging

BBVA has begun to strengthen its communications with technologies aimed at preventing these types of impersonations. In January of this year, it announced the implementation of a verified messaging system based on an enriched communication service, a technology that modernizes traditional SMS. Thanks to this model, a portion of the messages are sent within a thread identified with the bank’s official name and logo, which helps reinforce the sender’s authenticity and makes identity theft-based fraud more difficult.

RCS is an evolution of traditional SMS that allows for more advanced communications, with rich content and visual elements that help better identify the sender. When a company is verified, the conversation displays a validation badge that allows the user to more easily recognize that the message truly comes from a legitimate entity. In this sense, the technology does not “detect” by itself whether a message is fraudulent, but rather reinforces the sender’s authenticity and makes it more visible when a communication comes from a registered company.

If a cybercriminal attempts to impersonate BBVA, their message would not appear within the verified thread with the bank’s official name and logo, but rather as a conventional SMS, without that visual identification. Although this measure does not completely eliminate the risk, it does add an additional layer of protection that can help better detect fraud attempts. On Android, the customer can see BBVA’s official name and logo along with an official channel indicator, while on Apple’s iOS, the message appears identified as RCS and the validation can be checked from the sender’s information.

However, this technology does not replace caution. In specific situations, such as a lack of a data connection or the use of older devices, some messages may still arrive in SMS format. In those cases, the usual precautions must be maintained.

The best defense remains the same: distrust urgency, verify through another channel, and block or report the sender.