If, while you are quietly resting or diligently working, you receive a phone call claiming to be from one of your utility companies, informing you that, as a customer, you have a very interesting offer, be suspicious. If, to lend credibility to the call, they start citing personal data they have about you, be suspicious. If, to access the offer, you only need to accept it and provide them with some data they will send to your mobile to confirm it, be suspicious.
If the real utility company were to apply a discount, they would do so without further ado and inform you, but you probably would not have to confirm anything. If they have certain data, it is likely because they have obtained it irregularly. If you share the data that arrives on your phone, you are probably giving them the security codes to access your online banking, where they are waiting at the door with malicious intent.
If you receive such a call, make it very clear that you cannot attend to them and that you will call the company in question later to confirm the offer. Of course, if you want to verify the authenticity of the call, locate the official contact details on the company’s periodic invoices and contact them directly, but never use a number they provide to return the call. If you answer the call out of curiosity or because it seems credible, never give any consent. And never, ever! share security keys sent to you by the bank with third parties; they are security keys, and doing so would be like handing over the access keys to criminals lurking at the door with ill intentions.
And if at this point you wonder how it is possible that they have so much and such precise information, there are several possible answers: they may have accessed that personal data illegitimately, through security breaches in companies that legitimately safeguarded it, which is then trafficked on the black market. Or consider that it could simply be information you have shared online, either on social media or by filling out forms to register on a website or service in response to tempting offers, which require personal data, phone numbers, addresses, etc.
If you realize this after it has all happened, contact your bank, which will advise you on how to proceed. And remember, banks, just as they have security measures in branches to prevent unwanted access, also safeguard customer funds and data in the virtual world. They are prepared to contain unauthorized incursions, but if the perpetrator arrives at the door with the keys to enter because we have inadvertently handed them over, it will be difficult to stop their access. Be cautious and do not do online what you would not do in a physical environment.
Pilar Clavería, Advisor to the Spanish Banking Association
