Overview
- ING and Abanca have alerted customers to an active impersonation campaign that drives users to look‑alike websites to collect IDs, passwords and SMS verification codes.
- Both banks reiterate that legitimate institutions do not request full PINs, CVV numbers or one‑time codes through unsolicited emails, texts or calls.
- Criminals are combining phishing emails, SMS smishing and vishing calls with spoofed caller IDs and attempts to install remote‑access tools such as AnyDesk or TeamViewer.
- Key red flags include urgent threats, instructions to transfer money to a “secure” account, shortened or suspicious links and requests for information the bank already holds.
- Authorities urge immediate steps if data was shared: block cards, change passwords, contact the bank via official numbers, preserve evidence and report the case, with Spain’s Guardia Civil probing a smishing incident in which a victim transferred €10,180.