Spain's Guardia Civil Warn Carrefour Customers Of Smishing Scam

Spain's Guardia Civil Warn Carrefour Customers Of Smishing Scam Spain News Published: 03 February 2022 14:28 CET

Spain’s Guardia Civil have warned of an enormous scam aimed at stealing the bank details of Carrefour customers.

The Guardia Civil’s Internet Security Office (Incibe) said on Twitter that they have unearthed a fraudulent SMS text messaging scam, known as ‘smishing’.

An SMS text message that is aimed at Carrefour customers who have a PASS financial card, redirects customers to a fake Carrefour webpage that then takes their private information.

The fake SMS message warns customers that unless they activate a new security system they will not be able to use their PASS card but the Guardia Civil has stipulated that some messages may contain different instructions and fraudulent links.

The SMS messages that have been detected within this smashing scam are…

‘Carrefour notification from now on, Your Pass Card cannot be used. You need to activate the new web security system’ [malicious URL]

‘PassCarrefour After the last purchase you will not be able to use your Pass card, activate the 2022 security system immediately’ [malicious URL]

‘CARREFOUR HAS ENTERED YOUR INVALID IDENTIFIERS GARCIAS FOR TRYING AGAIN TO BLOCK YOUR PASS CARD’ [malicious URL]

⚠#ALERTA❗ Detectados SMS fraudulentos (#smishing) que suplantan a Carrefour con el objetivo de dirigir a una web falsa para robar sus datos personales y bancarios. #NoPiques, algunos utilizan engaños sobre incidencias en la tarjeta PASS o la cuenta.https://t.co/N4uC2762qx pic.twitter.com/cInGnRazVc
— Guardia Civil ???????? (@guardiacivil) February 1, 2022

Incibe urges any customer that has received one of these messages and has already provided their access data, username and password, or any other personal or financial information, to contact their bank and the police as soon as possible, so that any possible transactions can be cancelled.

They also propose that the customer should contact Carrefour through its official channels, informing them of the fraudulent action, cancelling any PASS card transactions, plus cancelling the card itself, so as to prevent any further actions from being carried out.

So how can you avoid being a victim of ‘smishing’ fraud?

Do not open messages that are from unknown users or that you have not personally requested, delete them straight away. DO NOT reply to these SMS messages under any circumstances.
Be careful when clicking on links, even if you know the contacts.
Always check the URL that appears in the SMS and also in the browser if you clicked. If there is no secure certificate, or if it does not correspond to the site you are accessing, do not provide any type of personal information such as username, password, bank details, etc.
In case of doubt, consult directly with the entity involved or with trusted third parties, such as the State Security Forces and Bodies (FCSE) and the Internet Security Office (OSI) of INCIBE.

Source

https://www.osi.es/es/actualidad/avisos/2022/01/mensajes-fraudulentos-intentan-enganar-los-usuarios-de-la-tarjeta
https://twitter.com/guardiacivil/status/1488436963988291585
https://www.surinenglish.com/spain/guardia-civil-warn-20220202115015-nt.html

HEALTHPLAN MAGAZINE