What is phishing and what are its consequences?

This is how you can avoid having all of your sensitive data, including banking details, stolen via email.

Phishing is a social engineering technique in which cybercriminals send an email impersonating a well-known company or public entity in order to request personal and banking information from the user. A link included in the email attempts to redirect you to a fraudulent website, where you are asked to enter your credit card number, personal IDs, passwords for digital banking access, etc.

These fraudulent emails usually include the logo or brand image of the entity, contain grammatical errors and try to convey urgency and fear so that the user performs the requested actions.

A phishing email can also carry an attachment infected with malicious software. The goal of this malware is to infect the user’s computer and steal their sensitive information.

This type of attack is also carried out by cybercriminals through SMS messages (smishing) and telephone calls (vishing).

How to protect yourself from phishing

  • Strengthen the security of your devices and keep your operating system, browser and applications up to date. This combination can help you avoid an economic headache.

  • Never enter your personal data on a website you accessed via email. If you are familiar with the website, reach it by typing its address directly into your browser.

  • Review your accounts periodically to keep track of transactions made with them as well as their total balance. If you see any transactions that you do not recognize, immediately contact Customer Service (or your account manager) to resolve them.

  • Remember that BBVA will never ask you for any banking information by email or SMS, so please do not provide it through these channels.

  • Always check the URL of the link you have been sent. Even the slightest detail (a different letter, a dot or a dash, for example) can be key to not falling into a trap. You should also verify that the link begins with “https,” an unmistakable sign of security.

  • Verify that the sender of the email is the official sender. Cybercriminals often use techniques to imitate the name of the actual company or entity, e.g. inserting a special character into it (bbv-A, for example) or changing a letter to a similar one (bbua).

  • Stop reading the message if it’s extremely alarming or if it pressures you to make a decision in a short period of time. If either of these cases actually were to occur, the bank would contact its customer through a more secure channel.

  • Do not download an email attachment, especially if it hasn’t been scanned by antivirus software, unless you know it comes from a secure source.
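
The link and sender checks described above can be automated in a mail filter. The following is an added example, not code from the original page or from BBVA; the allowlist entry bbva.com, the function names and the sample inputs are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumption: the defender maintains this allowlist of official domains.
OFFICIAL_DOMAINS = {"bbva.com"}

def edit_distance(a, b):
    """Levenshtein distance: number of single-character edits between a and b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def registrable(host):
    """Naive last-two-labels domain; production code should use the Public Suffix List."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def classify_host(host):
    """Return 'official', 'lookalike' or 'unknown' for a hostname."""
    host = host.lower()
    dom = registrable(host)
    if dom in OFFICIAL_DOMAINS:
        return "official"
    if not dom.isascii() or "xn--" in dom:
        return "lookalike"  # non-ASCII or punycode label imitating a Latin name
    for good in OFFICIAL_DOMAINS:
        # Added dash (bbv-a) or one changed letter (bbua), as in the text above.
        if edit_distance(dom.replace("-", ""), good) <= 1:
            return "lookalike"
        # Official name used as a subdomain of someone else's domain.
        if good in host:
            return "lookalike"
    return "unknown"

def check_link(url):
    """List the reasons a link fails; an empty list means both checks passed."""
    parts = urlsplit(url)
    findings = []
    if parts.scheme != "https":
        findings.append("not https")
    # HTTPS alone is not enough: the host must also be an official one.
    verdict = classify_host(parts.hostname or "")
    if verdict != "official":
        findings.append("host " + verdict)
    return findings

def check_sender(address):
    """Classify the domain part of a sender address."""
    return classify_host(address.rsplit("@", 1)[-1])
```
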