Eset, an antivirus protection company and expert in cybersecurity, has warned this week of email campaigns impersonating Bankia and Banco Sabadell, as reported in separate communications.

In the first case, the director of research and awareness of Eset Spain, Josep Albors, has warned of a new email campaign that impersonates Bankia (now integrated into CaixaBank) and installs malware on the system with the aim of stealing as much information as possible from the user.

Albors points out that it is an email template already used in a case identified in September 2020. “As on that occasion, the email, in addition to supplanting the Bankia/Caixabank address, has a compressed file attached that criminals have tried to camouflage by adding the PDF extension to the file,” says the expert.

However, if the user tries to open it, its content will usually be decompressed, revealing an executable file inside that contains the ‘malicious’ code used on this occasion.

This file starts the execution of a remote access tool known as ‘Ave Maria’ or ‘Warzone’, a malware whose creation dates back to 2021 that allows criminals, even with little technical training, to steal credentials and confidential information stored on the compromised computer.
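A mail-filter style check for the camouflage described above, as an added example that is not part of the original article or of Eset's tooling: it compares what the attachment name claims with the file's leading bytes and lists executable members of a ZIP archive. The function names, the extension list and the sample file name are assumptions, and the sample archive is constructed from harmless bytes.

```python
import io
import zipfile

# Leading bytes (file signatures) of common archive containers.
ARCHIVE_MAGIC = {
    b"PK\x03\x04": "zip",
    b"Rar!\x1a\x07": "rar",
    b"7z\xbc\xaf\x27\x1c": "7z",
    b"\x1f\x8b": "gzip",
}
# Assumed list of extensions that run code when double-clicked on Windows.
EXECUTABLE_EXTS = (".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs")


def sniff_container(data: bytes):
    """Return the archive type indicated by the leading bytes, or None."""
    for magic, kind in ARCHIVE_MAGIC.items():
        if data.startswith(magic):
            return kind
    return None


def inspect_attachment(filename: str, data: bytes) -> list:
    """Return a list of findings for one e-mail attachment."""
    findings = []
    kind = sniff_container(data)
    # A name carrying ".pdf" whose content does not start with the PDF header.
    if ".pdf" in filename.lower() and not data.startswith(b"%PDF-"):
        findings.append(f"name suggests PDF but content is {kind or 'not a PDF'}")
    if kind == "zip":
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for member in zf.namelist():
                if member.lower().endswith(EXECUTABLE_EXTS):
                    findings.append(f"archive contains executable: {member}")
    return findings


def build_sample_zip(member_name: str, payload: bytes) -> bytes:
    """Constructed test input: an in-memory ZIP with a single member."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member_name, payload)
    return buf.getvalue()


if __name__ == "__main__":
    sample = build_sample_zip("Justificante.exe", b"MZ" + b"\x00" * 16)
    for finding in inspect_attachment("Justificante.pdf.zip", sample):
        print(finding)
```

Only ZIP members are enumerated here because the standard library can read that format; other archive types are still flagged by the name and content mismatch.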

Eset has also warned of the case of impersonation of Banco Sabadell’s identity, also through email. Specifically, the user may receive an email whose subject is a credit card activation problem, “although the wording of the subject is strange and may give clues about the legitimacy of the message.”

However, the sender appears to be Banco Sabadell and the email domain seems to confirm it, which may be “sufficient reason” for some users to trust the legitimacy of the email. “However, we must remember that it is not complicated at all to impersonate the sender in an email, so we should never rely solely on that point,” warns Albors.

As for the content of the message, there are no misspellings and it is “apparently well written”, although it is concise and aims to get the user to click on the link provided in the body of the email.

The link redirects to a website prepared by criminals to make the user believe that they are accessing their Sabadell account. However, Eset warns of some elements that can make this web page suspicious, such as the URL itself, which bears no relation to the entity.

Likewise, texts can be seen in English and, despite using the bank’s corporate colors and typography, “the entire website has a template aspect that has been modified for this ‘phishing’ campaign.”

Eset also reminds users to check the security padlock shown in the browser’s URL bar, which indicates that the connection between the device and the website “is secure”.

The objective of this ‘phishing’ or identity theft campaign is to obtain access data for online banking and payment methods, including credit cards. “The first thing they usually request is our username and password to access the profile of our bank account, check the available balance and make transfers to other accounts normally controlled by money mules, who are the ones who forward the money to criminals, keeping a commission,” Albors explains.

To do this, criminals also request the temporary, single-use code that banks usually send by SMS to users’ mobile phones. In this regard, Eset states that this authentication method used by banks “has been in question for years” and that it would be advisable to use other, more efficient and secure ones, “but the vast majority of Spanish banks continue to use it as their main verification method.”