Last year, 336,778 computer scams were recorded in Spain, almost five times more than six years earlier, an increase that is as worrying as the constant change in the “modus operandi”. However, the star of these deceptions continues to be “phishing”, a social engineering technique that has already “diversified” the way it operates.
But what do these deceptions look like? Sources from the Technical Unit of the Judicial Police (UTPJ) of the Civil Guard describe the computer scams now proliferating, which are difficult to fit into a Criminal Code that cannot adapt as quickly as criminals do.
“Phishing” is the star. This is a scam that consists of sending massive and indiscriminate emails pretending to be a “friendly” entity, usually a bank, with the aim of stealing private information from the victim.
In fact, 59% of the scams investigated by the Civil Guard in the last twelve months were “phishing”.
But what investigators are now seeing, and there have already been police operations in this regard, is that scammers are changing the means they use to reach as many victims as possible.
Thus, more scams are being detected that use “smishing”, that is, SMS, and “vishing” (phone calls). As the sources consulted underline, scams that combine these two modalities are now proliferating as well.
An example: a customer receives an SMS reporting a security incident in his account, with a supposed link to the bank that actually leads to a cloned page controlled by the fraudsters.
The victim enters his online banking credentials, but when he tries to log in the page returns an error notification.
The scheme also includes a call to obtain the second authentication factor, since the fraudsters know that banks require it and that an SMS is therefore needed to confirm the transfer.
Once they have gained access to “online” banking, and therefore to the victim’s data, “vishing” comes into play.
The scammers call the victim posing as the bank to inform them that an incident has occurred and get the victim to provide them with the security code.
With it in their possession, they can now make transactions and “fleece” the target. The “bad guys” also use VoIP services to make voice calls over the internet (VoIP stands for Voice over IP).
But to avoid “getting their fingers caught” they use “spoofing”, a method by which the call or SMS is sent from a masked number that, to the person on the receiving end, appears to come from the victim’s bank.
The Civil Guard recently carried out a macro-operation against massive SMS scams and arrested a hundred people for defrauding more than one million euros using this method.
Another scam is the so-called BEC, the English acronym for Business Email Compromise; in other words, an attack on business email. Of the total number of scams detected by the Civil Guard in the period analyzed, 6.8 percent corresponded to this modality.
Normally, the victims are SMEs since large companies tend to have greater computer security and their employees are more aware of the risks.
This is a type of scam in which criminals send emails from addresses that pretend to belong to supplier companies.
That is, they impersonate a provider and intercept the billing emails that it sends. In the process, they change the bank account to which the payments are made, so the transfers go to them.
In an operation last October, the Civil Guard dismantled a group that defrauded eleven companies from Madrid, Granada, Asturias, Murcia, Santa Cruz de Tenerife and Malaga using the BEC method. The scam amounted to 188,000 euros.
Another type of business scam, similar to BEC, is the so-called “man in the middle” attack. It accounts for 2.1 percent of the computer scams uncovered by the Civil Guard in the last twelve months.
The Civil Guard also investigated a significant number of “pharming” cases in one year, 19.4% of the total. This scam consists of creating a web page in the image and likeness of a “good” one, generally the access page to a bank. Virtually a clone.
Scammers use various search-positioning techniques so that, when the search is done on Google, the fake website comes out ahead of the genuine one it clones, although this is only one of the methods.
Originally, “pharming” relied on what is known as DNS poisoning: the component in charge of translating URLs into IP addresses was modified so that, even if the user typed the real URL or saw it displayed, the computer would redirect him to the criminals’ page.
In short, with this system, and by redirecting the user to a fake website, criminals steal their information, such as account numbers or passwords.
There are more modalities, but what is clear is that, as the sources of the Technical Unit of the Judicial Police say, fraud through SMS is replacing fraud through email, perhaps due to greater user awareness and because receiving SMS messages to confirm payments, transfers, Bizum… is the order of the day.