Jose F. Sanchez |
Madrid (EFE).- Cyber crooks go shopping with purchases for themselves and gifts for others at Christmas and take advantage of the busiest time of the year to deceive anyone with tricks of increasingly sophisticated, including ninja scams and social engineering techniques.
An SMS in the name of Correos requesting the amount of customs duties for a package or a website with the appearance of one of the best-selling fashion brands. They are among the most common traps at this time of year.
Chief Inspector of the National Police Diego Alejandro Palomino, of the Technological Investigation Unit (UIT), explains to EFE that behind these scams hide criminal organizations that operate “like businesses”, since they use methods to offer their purported products, while the benefits are obtained from deceptive users.
Its techniques are increasingly sophisticated, and it is that they manage to “trace”, with a security certificate included, the web designs of the companies that charge the most on Black Friday and Christmas, but the prices are significantly lower to those on the market, which should arouse the first suspicions.
You also need to look at the web domain, in which they usually subtly substitute a letter. Sometimes cyber fraudsters’ web pages are positioned in search engines above the digital store of the brand they are impersonating.
Social engineering and ninja scams
Diego Alejandro Palomino indicates that one of the most common techniques at Christmas, as expected on Black Friday, are the so-called ninja scams, characterized by obtaining a small advantage (even two euros) for a large number of victims.
In recent days, the ITU of the National Police has learned of a massive scam attempt. This is an SMS supposedly sent by Correos Express in which the payment of the amount of customs duties of 1.98 euros is requested.
“Organizations dedicated to this type of scam acquire databases on the Internet that allow them to send mass emails or SMS. Now they know there are a lot of people waiting for packages. If some of the recipients of the message fall, it is already profitable for them”, explains the chief inspector of the UIT.
Making a user believe that their package has been delayed, or that their bank account has been blocked, is part of the range of “social engineering” techniques that cybercriminals use to obtain their most precious benefit, data. personal and bank accounts of their victims. .
“No one gives trouble for the pesetas”
E-commerce security expert Diego Alejandro Palomino points out that the “best advice” to avoid falling victim to cyber fraud is to “beware” of any good deal. “Nobody gives a lot for pesetas,” he adds.
However, the sophisticated scam methods of the organizations behind it can be confusing, which is why he recommends consulting forums such as the National Institute of Cybersecurity (Incibe), in which other users may be the ” first police” which alerts on a fraud.
Other advice given by ITU are: check the domains of the web pages, consult the legal section of the company, check if there are advertisements for this brand on the Internet or test if it has a payment to double authentication.
When it is too late, the police recommend that the situation be reported to the bank, which in many cases reverses the payments within days. Then they ask to inform the National Police, who will compile the cases of each of the scams and investigate until they find their perpetrators.