An email allegedly coming from Santander Bank urges customers to upgrade their software. However, this is nothing more than a clever phishing scam that’s designed to steal online banking details.
The malicious email, provided by Hoax Slayer, reads:
Dear Valued Customer,
Santander Online Banking technical services department is carrying out a scheduled software upgrade to improve the quality of services for the bank's customers. Please upgrade immediately by clicking on this link below:
Secure Sign-In Access
Thank you for your prompt attention to this matter.
Internauts who fall for the plot and click on the link are taken to a webpage that tries to replicate the official Santander site. On this page, users will find a number of forms that request information such as personal ID, passcode, PIN, mobile phone number, landline number, date of birth, secret questions and their answers.
In the end, a message pops up, informing the victim that the verification has completed successfully. Unfortunately, at this point, all the data is safely stored in a database controlled by the cybercriminals.
The basic rule is the same and it will not change in the near future. Banks and other financial institutions never ask you via email to provide credit card numbers, passwords, PINs and other information that can be used for online shopping or transactions.
If you’ve reached the end of the phony verification and realize that you have been duped, or even days after you come to the conclusion that it was all a scam, the first thing you must do is call Santander and have them block all transactions until your credit card and online account can be changed.
The longer the time that passes since the information is submitted, the chances that the account is emptied increase, so in these situations time is of the essence. Of course, the ideal situation is the one in which users completely ignore such requests and delete the emails or report them to the bank.