NOW that Germany has become the first European country to tackle 'programmed obsolescence' head on, neighbouring countries look set to follow suit – and Spain has already started, albeit tentatively.
Keeping your cash safe: Kutxabank tells us how to beat the scammers
18/03/2022
FOR AS long as banks and the internet exist in the same space-time continuum, there will be 'phishing' attempts – which is why the focus is on advising the public how not to fall for them, rather than advising the fraudsters to stop 'phishing'. In this case, it's not about victim-blaming, because everyone wants money, and a very small handful of people in this very large world will try to get their hands on it without undue concern over whether others will be cross with them or that it's a bit rude.
Luckily, many of the methods still in use today have been doing the rounds for 20 years or so, and we're wise to them – even feel insulted that the tricksters assume we're daft enough to believe it.
You don't have to be 'daft' to believe it, though. Some people are much more trusting by nature; others are not au fait with the more 'remote' ways of handling your own cash or scammers trying to relieve you of it, especially if they're not online much; the elderly can be easy pickings, so you need to keep a close eye on your senior loved ones to ensure they don't become targets.
As a rough guide, if you get a 'cold call' and start to protest or complain, those who simply hang up without a 'thank you anyway and have a nice day' are probably not entirely legitimate.
To help those who are still feeling a bit vulnerable in cyberspace, and as a reminder for the more blasé among us who might have forgotten to be cautious, national financial chain Kutxabank has released a series of recommendations on how to keep your spondulicks out of the hands of those who haven't earned them.
Read text messages thoroughly, especially when buying online
Many banks, Kutxabank being one of them, require you to authorise online purchases with a code that expires within minutes, or to authenticate your log-in on a given website in a similar way.
It can be too easy just to glance at a bank's text message that arrives the instant you press 'OK', type in the code and get on with your life.
But the fact it comes through at exactly the right moment doesn't always mean it's genuine – read it thoroughly to make sure it coincides with what you're trying to do online.
If it doesn't, call your bank on its 24-hour helpline, and certainly don't use the numerical code sent to you.
Look out for spelling or grammatical mistakes, too – if your Spanish is not up to proof-reading, your bank will almost certainly have an option to set up your account details online, via the cashpoint and in written communication in another language, such English or a Spanish regional tongue.
Don't give out your passwords, codes, PINs, or other credentials to anyone, ever.
Of course, your immediate family, partner or spouse, or a small number of your closest friends might have your online banking numerical username (which is normally your national ID number anyway) and pass code, or your cashpoint PIN number; sometimes it's necessary to be able to trust someone with these – if you end up unconscious in hospital, your kids or pets will still need to eat and a person close to you will need to be able to access your money for that reason.
But it should go without saying that these data must never be shared with a stranger, including a caller, a website log-in request, in reply to any messages...in fact, even your bank itself doesn't know your PIN or your password.
Someone who rings you up asking for these details may appear authentic, because they seem to know a lot about you – perhaps even things you thought nobody in particular did.
Professional fraudsters, though, are capable of getting their hands on almost any personal information (remember social media. If they can hack your site, they can give you the name and a convincing description of your dogs or cats, your grandparents' birthdays, or anything else that you believed only your friends and family knew).
So, however knowledgeable the caller seems about your dress size, haemorrhoids prescription or when you last took the rubbish out, refuse (politely, because it's nicer) to give them PINs and passwords they ask for.
“Kutxabank will never, under any circumstances, ask you for these data via telephone, email or text message,” the Basque-based banking chain stresses.
Neither will any other bank – and you should immediately be suspicious of any loan company that wants access to your banking App to view your history in order to approve a finance deal. Offer printed statements instead.
Linked to trouble
Emails, SMS messages, WhatsApp messages, or similar, which ask you to click on a hyperlink to give your data are probably not to be trusted.
We say 'probably'. Most genuine online service providers will tell you to 'go to their website and log in', but not all of them do.
As a precaution, therefore, open a new tab and manually type in the web address for the company in question, rather than hitting any links in a message.
This is even true where you get a message from a utility company reminding you about a bill you know is overdue and telling you to open the link in the SMS to settle it.
When using any website that involves your finances, do a search online to find out if it is the correct one and the company is legitimate before committing yourself, especially if it's one you haven't used before.
Common attempts doing the rounds at the moment include Amazon and PayPal, claiming your 'account is locked' or 'suspicious activity has been detected'.
Log into these separately and manually to check whether it's true, and if it isn't, forward the email to the 'real' company to report it as 'phishing'.
Scrutinise email addresses, too. If they're a mish-mash of numbers and letters, a person's name, come from a standard email provider (Gmail, Hotmail, Yahoo, etc), they're probably not genuine.
“You need to sign up right now or you'll miss out on the deal...”
Don't let FOMO ('fear of missing out') push you into making snap decisions. Even if it's a genuine company and you're talking to them on their premises or to an accredited agent, any firm that doesn't give you plenty of thinking time, or which claims the discount is only valid today, is probably trying to pull a fast one.
We know that, occasionally, 'real' companies will try this tactic to get new customers on board, so as to stop them reflecting and deciding at leisure that, actually, they're quite happy with their existing firm. But if a special offer is the genuine article, it'll still be there tomorrow, or another one will come up next week, and if they really want your business and are confident their service is the best there is, they'll be happy to let you mull it over and shop around.
Kutxabank says this rule applies whether you're being asked to sign for a promotional offer, or to give your details to confirm a transaction, or to claim a prize you've allegedly won.
If the caller or message warns they'll block your card, freeze your bank account or you'll lose the prize unless you act quickly, red flags should be flapping as vigorously as on beach in a Force 10 gale.
You'll never be asked by a genuine seller or competition organiser to give your financial details, and absolutely nobody on earth will ask for your banking access codes or card or cashpoint PIN unless they're trying to fleece you.
In Spain, it is very rare for companies to accept payment by credit or debit card over the phone – some firms do, but be aware that you may not be able to buy something or settle a bill this way, so if someone else is paying on your behalf, they will have to transfer the money to you or make direct contact with the company.
It is, however, more common in Spain for bank account numbers, with the IBAN code, to be made widely available – businesses may give you theirs to transfer payment into, and charitable collections will sometimes be advertised with an account number and the bank name.
This works on the basis that someone knowing your bank account number but no other details connected with it means that someone can pay money in, but cannot get it out.
“Your card has been blocked...”
No, it hasn't. If you're told it has, through any source, get in touch with your bank straight away – if it's a genuine blockage, they'll lift it for you.
This might be for a number of reasons, such as a card expiring, or an unusual – especially large – purchase attempt made, but you'll never be asked to confirm passcodes or PINs to get it unlocked again.
Almost-perfect website design
Just because a website looks exactly like the one you've been using for years doesn't mean it actually is that same site. Check it out carefully, and make sure the address you've typed in reflects the fact.
This comes back to clicking on links in messages – if you do this and are taken to your bank's website, you might assume all is above board, but fraudsters are quite artistic when it comes to copying an online banking page, so unless you've manually opened it in another tab, you shouldn't trust that the site resulting from the link has taken you to the right place.
Watch what you download
Getting messages urging you to download an App to watch films, sporting events or TV shows is another route to installing what's known as 'malware' in your devices – rogue software that allows con-artists to hijack your details – or 'adware', which is plain annoying, causing unwanted adverts to cover your screen or automatically reroute you to them whenever you open a web page.
If you want to download films or stream shows or events, do so via the genuine website, not from a link in a text message, email or WhatsApp, and never download any Apps from sites that are not the official ones for these.
“Your computer has been hacked...”
Fast becoming the oldest trick in the cyber-book, random calls are made (without even bothering to check if the recipient owns a computer) telling you that they're from MicroSoft, Apple, or similar, and that your device is infected or has been hacked.
They offer to fix it for you if you log into a 'team-viewer' type of programme, enabling them to access your PC or phone remotely and 'repair' it.
Of course they won't repair it, but they will leave you in a fix. Hang up, make a note of the number they called you from, and tell the police.
Bizum: No need to enter a code if you're getting paid
“Take care with messages introduced as 'concept' [Concepto], as they could be fraudulent,” Kutxabank warns.
“Remember that to be able to receive a Bizum payment, you'll never have to put any passcode or PIN in.
“Carefully check what type of operation you're carrying out – receiving or making a payment [pagar or recibir].
“If you're due to receive a payment, check that you're actually being sent money rather than being requested to pay that amount yourself.”
Hackers can sometimes send you payment requests on Bizum that you might click on automatically without realising, assuming it's someone trying to actually pay you.
Avoid using public computers for banking or buying, or inserting drives of unknown origin
Try not to use an internet café, communal computer in a library or social centre, for anything with your money connected to it, in case they're infected.
In reality, most cybercafés keep their anti-virus programmes up to date and delete all data between customers, but some may not, and this is not necessarily the case if it's a computer in a community centre, for example, where these are normally unmanned.
Also, don't plug in a phone via USB, insert a CD, DVD or pen-drive into your computer unless you know where it's come from, just in case it's infected with malware.
Use 'TouchID' if your phone allows it
Some modern SmartPhones offer the option of registering your fingerprint, which you can then use to fill in password information. Given that every person's fingerprint is completely different – assuming we're all born with eight fingers and two thumbs, that means there are 10 times 7.44 billion biological 'patterns' on planet earth – so it's extremely tough for even the most experienced hacker to forge yours.
This option makes online banking Apps and purchases safer when operating them on your phone.
Facial recognition technology is also sophisticated enough these days that it's hard to fool the system, given that few of us are identical down to the finest detail – unless you have a monozygotic twin who's determined to spend the contents of your account, of course.
But then, naturally, you'll know who the culprit is – or that it's one of your siblings, at least, if you're an identical triplet or quad.
Related Topics
FOR AS long as banks and the internet exist in the same space-time continuum, there will be 'phishing' attempts – which is why the focus is on advising the public how not to fall for them, rather than advising the fraudsters to stop 'phishing'. In this case, it's not about victim-blaming, because everyone wants money, and a very small handful of people in this very large world will try to get their hands on it without undue concern over whether others will be cross with them or that it's a bit rude.
Luckily, many of the methods still in use today have been doing the rounds for 20 years or so, and we're wise to them – even feel insulted that the tricksters assume we're daft enough to believe it.
You don't have to be 'daft' to believe it, though. Some people are much more trusting by nature; others are not au fait with the more 'remote' ways of handling your own cash or scammers trying to relieve you of it, especially if they're not online much; the elderly can be easy pickings, so you need to keep a close eye on your senior loved ones to ensure they don't become targets.
As a rough guide, if you get a 'cold call' and start to protest or complain, those who simply hang up without a 'thank you anyway and have a nice day' are probably not entirely legitimate.
To help those who are still feeling a bit vulnerable in cyberspace, and as a reminder for the more blasé among us who might have forgotten to be cautious, national financial chain Kutxabank has released a series of recommendations on how to keep your spondulicks out of the hands of those who haven't earned them.
Read text messages thoroughly, especially when buying online
Many banks, Kutxabank being one of them, require you to authorise online purchases with a code that expires within minutes, or to authenticate your log-in on a given website in a similar way.
It can be too easy just to glance at a bank's text message that arrives the instant you press 'OK', type in the code and get on with your life.
But the fact it comes through at exactly the right moment doesn't always mean it's genuine – read it thoroughly to make sure it coincides with what you're trying to do online.
If it doesn't, call your bank on its 24-hour helpline, and certainly don't use the numerical code sent to you.
Look out for spelling or grammatical mistakes, too – if your Spanish is not up to proof-reading, your bank will almost certainly have an option to set up your account details online, via the cashpoint and in written communication in another language, such English or a Spanish regional tongue.
Don't give out your passwords, codes, PINs, or other credentials to anyone, ever.
Of course, your immediate family, partner or spouse, or a small number of your closest friends might have your online banking numerical username (which is normally your national ID number anyway) and pass code, or your cashpoint PIN number; sometimes it's necessary to be able to trust someone with these – if you end up unconscious in hospital, your kids or pets will still need to eat and a person close to you will need to be able to access your money for that reason.
But it should go without saying that these data must never be shared with a stranger, including a caller, a website log-in request, in reply to any messages...in fact, even your bank itself doesn't know your PIN or your password.
Someone who rings you up asking for these details may appear authentic, because they seem to know a lot about you – perhaps even things you thought nobody in particular did.
Professional fraudsters, though, are capable of getting their hands on almost any personal information (remember social media. If they can hack your site, they can give you the name and a convincing description of your dogs or cats, your grandparents' birthdays, or anything else that you believed only your friends and family knew).
So, however knowledgeable the caller seems about your dress size, haemorrhoids prescription or when you last took the rubbish out, refuse (politely, because it's nicer) to give them PINs and passwords they ask for.
“Kutxabank will never, under any circumstances, ask you for these data via telephone, email or text message,” the Basque-based banking chain stresses.
Neither will any other bank – and you should immediately be suspicious of any loan company that wants access to your banking App to view your history in order to approve a finance deal. Offer printed statements instead.
Linked to trouble
Emails, SMS messages, WhatsApp messages, or similar, which ask you to click on a hyperlink to give your data are probably not to be trusted.
We say 'probably'. Most genuine online service providers will tell you to 'go to their website and log in', but not all of them do.
As a precaution, therefore, open a new tab and manually type in the web address for the company in question, rather than hitting any links in a message.
This is even true where you get a message from a utility company reminding you about a bill you know is overdue and telling you to open the link in the SMS to settle it.
When using any website that involves your finances, do a search online to find out if it is the correct one and the company is legitimate before committing yourself, especially if it's one you haven't used before.
Common attempts doing the rounds at the moment include Amazon and PayPal, claiming your 'account is locked' or 'suspicious activity has been detected'.
Log into these separately and manually to check whether it's true, and if it isn't, forward the email to the 'real' company to report it as 'phishing'.
Scrutinise email addresses, too. If they're a mish-mash of numbers and letters, a person's name, come from a standard email provider (Gmail, Hotmail, Yahoo, etc), they're probably not genuine.
“You need to sign up right now or you'll miss out on the deal...”
Don't let FOMO ('fear of missing out') push you into making snap decisions. Even if it's a genuine company and you're talking to them on their premises or to an accredited agent, any firm that doesn't give you plenty of thinking time, or which claims the discount is only valid today, is probably trying to pull a fast one.
We know that, occasionally, 'real' companies will try this tactic to get new customers on board, so as to stop them reflecting and deciding at leisure that, actually, they're quite happy with their existing firm. But if a special offer is the genuine article, it'll still be there tomorrow, or another one will come up next week, and if they really want your business and are confident their service is the best there is, they'll be happy to let you mull it over and shop around.
Kutxabank says this rule applies whether you're being asked to sign for a promotional offer, or to give your details to confirm a transaction, or to claim a prize you've allegedly won.
If the caller or message warns they'll block your card, freeze your bank account or you'll lose the prize unless you act quickly, red flags should be flapping as vigorously as on beach in a Force 10 gale.
You'll never be asked by a genuine seller or competition organiser to give your financial details, and absolutely nobody on earth will ask for your banking access codes or card or cashpoint PIN unless they're trying to fleece you.
In Spain, it is very rare for companies to accept payment by credit or debit card over the phone – some firms do, but be aware that you may not be able to buy something or settle a bill this way, so if someone else is paying on your behalf, they will have to transfer the money to you or make direct contact with the company.
It is, however, more common in Spain for bank account numbers, with the IBAN code, to be made widely available – businesses may give you theirs to transfer payment into, and charitable collections will sometimes be advertised with an account number and the bank name.
This works on the basis that someone knowing your bank account number but no other details connected with it means that someone can pay money in, but cannot get it out.
“Your card has been blocked...”
No, it hasn't. If you're told it has, through any source, get in touch with your bank straight away – if it's a genuine blockage, they'll lift it for you.
This might be for a number of reasons, such as a card expiring, or an unusual – especially large – purchase attempt made, but you'll never be asked to confirm passcodes or PINs to get it unlocked again.
Almost-perfect website design
Just because a website looks exactly like the one you've been using for years doesn't mean it actually is that same site. Check it out carefully, and make sure the address you've typed in reflects the fact.
This comes back to clicking on links in messages – if you do this and are taken to your bank's website, you might assume all is above board, but fraudsters are quite artistic when it comes to copying an online banking page, so unless you've manually opened it in another tab, you shouldn't trust that the site resulting from the link has taken you to the right place.
Watch what you download
Getting messages urging you to download an App to watch films, sporting events or TV shows is another route to installing what's known as 'malware' in your devices – rogue software that allows con-artists to hijack your details – or 'adware', which is plain annoying, causing unwanted adverts to cover your screen or automatically reroute you to them whenever you open a web page.
If you want to download films or stream shows or events, do so via the genuine website, not from a link in a text message, email or WhatsApp, and never download any Apps from sites that are not the official ones for these.
“Your computer has been hacked...”
Fast becoming the oldest trick in the cyber-book, random calls are made (without even bothering to check if the recipient owns a computer) telling you that they're from MicroSoft, Apple, or similar, and that your device is infected or has been hacked.
They offer to fix it for you if you log into a 'team-viewer' type of programme, enabling them to access your PC or phone remotely and 'repair' it.
Of course they won't repair it, but they will leave you in a fix. Hang up, make a note of the number they called you from, and tell the police.
Bizum: No need to enter a code if you're getting paid
“Take care with messages introduced as 'concept' [Concepto], as they could be fraudulent,” Kutxabank warns.
“Remember that to be able to receive a Bizum payment, you'll never have to put any passcode or PIN in.
“Carefully check what type of operation you're carrying out – receiving or making a payment [pagar or recibir].
“If you're due to receive a payment, check that you're actually being sent money rather than being requested to pay that amount yourself.”
Hackers can sometimes send you payment requests on Bizum that you might click on automatically without realising, assuming it's someone trying to actually pay you.
Avoid using public computers for banking or buying, or inserting drives of unknown origin
Try not to use an internet café, communal computer in a library or social centre, for anything with your money connected to it, in case they're infected.
In reality, most cybercafés keep their anti-virus programmes up to date and delete all data between customers, but some may not, and this is not necessarily the case if it's a computer in a community centre, for example, where these are normally unmanned.
Also, don't plug in a phone via USB, insert a CD, DVD or pen-drive into your computer unless you know where it's come from, just in case it's infected with malware.
Use 'TouchID' if your phone allows it
Some modern SmartPhones offer the option of registering your fingerprint, which you can then use to fill in password information. Given that every person's fingerprint is completely different – assuming we're all born with eight fingers and two thumbs, that means there are 10 times 7.44 billion biological 'patterns' on planet earth – so it's extremely tough for even the most experienced hacker to forge yours.
This option makes online banking Apps and purchases safer when operating them on your phone.
Facial recognition technology is also sophisticated enough these days that it's hard to fool the system, given that few of us are identical down to the finest detail – unless you have a monozygotic twin who's determined to spend the contents of your account, of course.
But then, naturally, you'll know who the culprit is – or that it's one of your siblings, at least, if you're an identical triplet or quad.
Related Topics
More News & Information
OVER two million items for sale on Amazon and found to be fakes or non-existent were deleted by the company's anti-fraud team in 2020 alone, according to its Brand Protection Report, and a handful of firms...
A MIXED online and in-person awards ceremony for the 'Top 100 Women Leaders in Spain' saw everyone from Paralympic sporting greats to national politicians, artists and writers through to chief executive officers...