This is how a Spanish user managed to recover the money stolen through the Correos SMS scam.
Smishing is a type of scam in which cybercriminals pose as legitimate entities, such as banks or service companies, to send fraudulent text messages and trick victims into obtaining their personal and financial information . Cybercriminals rely on the victim to follow the instructions and click on the links in these messages, either through thoughtless behavior or by creating a sense of urgency .
Be careful if you receive an SMS message from Correos asking you to pay for a package.Unfortunately, this is what happened to a woman who received an SMS from Correos requesting a payment of 0.01 euros to receive a supposed package , as reported by Genbeta . When she clicked on the link, she was taken to a page identical to the company's official one, but it turned out to be fraudulent. Immediately afterward, and without realizing it was a scam , she entered her personal and banking information.
Within a few hours, the woman's bank account showed 29 unauthorized charges totaling €2,490 through platforms such as Revolut and Betfair. After reporting the incident, the woman filed a complaint with her bank (ING), but was denied the money because the victim was negligent in sharing her information and because all her transactions had been validated using authentication systems.
Finally, the case went to court and, as the ruling dictated , the bank had to return the amount that had been stolen, but how did it manage to win the case?
- The ruling states that there was no gross negligence on the part of the victim , as the deception was completely believable given the image on the website and the message she received.
- ING also failed to demonstrate that it had the necessary mechanisms to detect and protect against this type of fraud , and did not provide evidence strong enough to prevent the incident.
- It also came to light that the transactions were not properly authenticated , because the user's identity was impersonated through deception, so they are not considered authenticated.
As the aforementioned media outlet correctly recalls, banking institutions are responsible for fraudulent transactions unless it can be proven that the victim acted intentionally or with gross negligence (Royal Decree-Law 19/2018 and Directive (EU) 2015/2366), which, in this case, has not been proven.
How to avoid the 'smishing' scam- Be wary of suspicious messages that try to reward you or are excessively urgent.
- Verify the sender's identity by contacting the company or bank through official channels.
- Do not share personal or financial information.
- Install protection on your mobile phone, such as antivirus software that blocks malicious links or numbers.
- Keep your device up to date to protect it against vulnerabilities.
- Act quickly if you fall into the trap and deactivate your bank account if your financial information is stolen.
20minutos
