“Enhorabuena. I got a check for 150 euros to spend in our store connected“. This offer can only arouse suspicion out of context. But if it was received in full force by the search for digital offers on Black Friday, where every Spaniard spends an average of 380 euros, according to KPMG, it may not lead to such a rare case. It could even be launched for it, although it costs 1.99 euros and personal data to open. And the check, which soon replicates the check of a famous brand, will not arrive.
They fill online stores that take on the appearance of large companies to engage consumers. Anyone who buys from them will almost certainly not get what they bought or exactly the same thing, explains Martin Vigo, cybersecurity expert and founder of Triskel Security. Although the authorities are struggling to eradicate it, they do not want it to multiply. In 2024, a network that imitated famous fashion brands to steal personal and banking data from 800,000 users in Europe and the United States was dismantled. Here are some tips to avoid becoming another affected person during the impending Black Friday or Christmas holidays.
bargain store, Who seeks your data
Want to give a tablet to a friend to celebrate? Click on the features in the search engine and get many results. One of them calls for your attention because it offers an incredible price, which is much lower than what you have seen on other web pages. You can click and open an online store that has all kinds of tech products. Will it be real?
Scammers create web pages that imitate supermarkets, technology chains, fashion products or dental manufacturers connected China. The goal is to convince the consumer to buy and purchase with the import, even though you will never receive the product. It is also approved to obtain personal and banking data from the buyer.
How to recognize a fraudulent message
Review the URL. Secure secure network for “https://”, In the ground “http://”. there “Q” Indicates a secure connection. Be careful of foreign domains such as “.top”, “.xyz”, “.shop”, “.ru”. Legitimate brands to use “.es” the “.with”
Be wary of prices offered below the usual cost and offered for a limited time
Design and content analysis. It may contain poorly translated text, poor quality images, pixelated logos, non-functioning buttons…
Search company data, legal information and return policy. If it’s missing, be skeptical
How to prevent it
Search on Google for “store name” + “inquiry” or “opinion”. Enter the URL on pages like Scamadviser.com that keep a record of your posts. Victims can also submit their testimony online to notify other buyers on platforms such as es.trustpilot.com.
Check the age of the domain. If it was created days or weeks ago, be skeptical. Tools such as whois.domaintools.com provide information about their origin, as well as complete the creation of web pages.
Pay securely. There are several methods that provide certain guarantees in case of doubt:
- Losses paid by credit or debit card (with enhanced authentication) Provides warranties, and how to claim fees if you do not receive the product. This method requires entering the digital key into the bank’s application to make the purchase, and in the event of fraud, it allows the deducted funds to be returned differently from banking transactions.
- Digital payment platforms It reduces your card exposure by not sharing the full number with the merchant and allows you to open a dispute and get a refund if the order doesn’t arrive (or something different arrives. As a drawback, many convenience stores don’t accept these payment methods.
- Single-use cards If you can collect the exact amount of the purchase and it is issued by the majority of banking entities. If card data is stolen, thieves can only steal the amount spent.
- Bizum. Through this method, which is accepted by more and more companies, the payment is recorded with business data. When it comes to purchasing from a store, the contact for bizum should be a store, not a private individual.
gift check, A poisoned gift
Let’s return to the case that opened this article. Via email, WhatsApp, social networks or advertisements on web pages, fraudsters spread fake offers where they pass by brands known to consumers, such as stores connected China, large shopping areas, supermarkets or international fashion chains. These messages offer discounts, gifts, or certain amounts of money to spend on their web pages in exchange for entering personal data or paying a small sum of money.
How to recognize a fake gift card
Poorly written text: with capital letters in incorrect places, and errors in translation
Son imports are not very credible
Businesses do not give money to consumers. There is usually a discount on your purchase. The average discount in Spain is 17%, according to Salesforce
A message with an urgent tone: “Alone today” and “the last hours”…
How to prevent it
Make sure it comes from the legitimate address if it is received via email. Find previous connections with the brand. It’s suspicious if it comes from rare domains like “@promotions-free…” or “promo-gift@marca-bonos…” or is licensed from more common domains for individuals like “@gmail.com” or “@hotmail.com”.
Check the link. Read the full guidance and compare it to previous communications from the brand. Be wary of subdomains or extraneous prefixes like “promo,” “bonos,” or “gifts” and of sending messages from generic domains like “@gmail.com” or “@hotmail.com” when dealing with well-known brands. Check the link. Hover over the link without clicking to see the URL, and hold it down on your phone. If the domain does not exactly match the official website, and you see cutouts and blurry parameter strings, do not enter.
Do not share private data. Legitimate promotions do not require card or invoice numbers, verification codes, passwords, identification documents, or “shipping cost” payments to receive the gift.
Confirmation in the official source. Look for promotion on the web or brand networks and make sure there are legal grounds visible on the check itself. If it doesn’t show up, it’s very likely a scam. You can review the alerts at ontsi.es/es/alertas or incibe.es/alertas.
Inconsistencies in search engines. Copy the check text between Google searches with words like “estafa” or “phishing,” review the results, and close. Signs such as rush, disproportionate awards, or spelling mistakes refute this type.
“Your package is blocked”, Common and effective fatigue
You will receive an SMS from the shipping service informing you that the order is blocked at customs. They urgently ask you to click on the link to refill the form and open it. If this shipment arrives during shopping seasons like Black Friday or Christmas, it will likely reach people who have made an online purchase.
Employees approve the sales circular connected To send random emails, SMS or messages through instant messaging systems such as WhatsApp. They also have to go through carriers. Its goal is to obtain data or money from its victims, a technique known as… Phishing.
When it arrives via email, it mimics the look of a family logistics company to the consumer; It contains text that encourages the victim to perform an urgent action such as “The order is blocked due to lack of information, add the following link” or “To open the package, you must pay 2.99 euros in customs fees.” And provide a link wherever you click. In this way, you will obtain personal, banking or small data.
How to recognize a fraudulent message
In an email message
Check the postal address, it may be similar to the official address but not exact
Check for spelling errors or generic greetings such as “esteemed customer.” Using AI improves filtering and similarity to legitimate channels
Before using the link, contact the carrier via or through the store where you purchased it.
In a short text message
SMS is located on the official website of the carrier
Stick to the URL, it may be similar to the official address but not exact
How to prevent it
Think before clicking or responding to messages requesting personal information. You should never email passwords or banking details. Carriers do not require credentials due to these procedures. One way to find out if it’s legitimate is to hover your mouse over the link (without clicking) to see the URL and compare it to the official one.
I risk downloading “malware”. There are cases where clicking on a fraudulent link will result in a download MalwareIn other words, spyware that captures screens, cameras, microphones, or keyboard pulses. If you suspect an infection, disconnect from the Internet or activate Airplane mode, avoid opening sensitive applications and scan the device with up-to-date antivirus software. If you don’t have one, install a reliable product. Change important passwords from another device and restore mobile phone if signs persist.
If you can install one beforehand. If you don’t have one, it’s best to modify important passwords from another device.
Find another legitimate way to contact the company. Enter the official website manually by typing the direction or using the official application. If you need a call, search for the customer service phone number in a search engine and make sure it belongs to the original website. Log in to your customer area and check the order status using the code provided by the company.
Did you click? If you must close all windows and if you discover that a file has been downloaded, check the Downloads tab. If a suspicious file is found, do not open it and delete it immediately. If private data, such as passwords, have been entered, it is recommended to change them at that moment. If bank details are provided, you must notify the group and proceed with canceling the cards.
The bank helps you identify threats
A conscious user is better prepared to not fall into digital burnout, especially when it comes to their finances. Banco Santander offers its users and the general public resources in the form of Awareness campaigns Focus on key aspects of digital security such as creating strong passwords, among others. It is also published on its official website Articles with practical recommendations To enjoy online life with confidence.
If any communications from the bank raise suspicions, Santander offers official channels for resolving them: a specific SMS can be sent to 638 444 542; Suspicious emails can be sent to phishing@gruposantander.es. Consultations on these topics can also be made on the Superline (915 123 123), in their workshops, or from the Application Help Center or Online Banking, available 24 hours a day.
Banco Santander has a direct WhatsApp channel for customers. A community that can come together to receive online tips, news and alerts about this type of issue and guidelines for identifying relevant messages.
“Everyday security” is also present He is
Serves very juicy