The first thing: do you have or know someone close to you with an account at the Caja Rural bank? If not, you can ignore this news. But if you do, be careful, because the OSI warns us that a campaign to send fraudulent emails that impersonates Caja Rural has been detected, whose objective is to direct the victim to a false web page (phishing) to steal their credentials access and banking information, with the excuse that it has a new update.
The fake email from Caja Rural
The malicious email campaign detected impersonating the Caja Rural entity has the subject “RuralVia – Caja Rural”, although the OSI does not rule out that “there are emails with similar subjects and content that are using the name of any other bank to steal data of users ”, as part of a massive campaign.
Returning to the email itself of the Caja Rural, in this the user is informed that there is an update and must check their email in a link that leads to a false website. Normally, an indication that we are facing a scam would be that the body of the email was full of errors, poorly translated words, etc., but it should be noted that in this case, the false email does not present spelling or grammatical errors, although the word “update” is duplicated.
Steal your bank details
If you click on the link included in the email, you will access the fraudulent website that impersonates the legitimate one of Caja Rural: After entering your access credentials (user, NIF and passwords), you will be redirected to a section where information is requested referring to the requested positions of the signature key, although it does not indicate which positions, so you can end up entering all of them.
Once all the characters of the electronic signature have been entered, it will request a confirmation code received by SMS. And this is where the authors of the scam have caught you, since this code will never be received because the attacker already has all the information they need to access your bank account, and they only do it as a social engineering trick.
If you have received an email of these characteristics, accessed the link and provided your access data (user, NIF and password), contact the bank as soon as possible to inform them of what happened. If you have not entered, delete it at once, and if you are not sure about it, consult directly with the Caja Rural customer service, which will clarify that this email is not official nor has it been sent from the entity.