Warning to CaixaBank Customers: New SMS Scam Targets Account Security

In a alarming development, a sophisticated SMS scam has been identified, targeting customers of CaixaBank, one of Spain's major banking institutions. This scam, which has been flagged by the Agencia de Ciberseguridad de Cataluña (Catalan Cybersecurity Agency), is part of a larger campaign of cyber fraud that has been affecting CaixaBank clients since early January 2025.

The Scam's Modus Operandi

The scam begins with the receipt of a deceptive SMS message that appears to be from CaixaBank. These messages often display an alphanumerical identifier, such as 'CaixaBank', which can be easily spoofed by advanced users, making it difficult to verify the authenticity of the message. The SMS alerts the recipient that a new device, identified as 'Redmi (9AT)', has been linked to their bank account and prompts them to verify this information through a provided link.

However, this link does not direct users to the official CaixaBank website but instead to a fake webpage controlled by the cybercriminals. This tactic, known as "smishing," aims to create a sense of urgency and panic among the victims, encouraging them to quickly enter their banking details on what they believe is a secure webpage.

The Consequences

If a user falls for the scam and enters their banking details, the cybercriminals gain illicit access to their account. This allows the perpetrators to perform unauthorized transactions, including transfers and payments, effectively draining the victim's account[3].

Creating Fear and Urgency

The strategy behind this scam is to instill fear and a sense of immediate danger in the victims. By making them believe that someone is attempting to access their bank account, the scammers exploit the natural reaction of panic, leading people to act hastily and share sensitive information in an attempt to "protect" their accounts[1].

How to Protect Yourself

To safeguard against this type of fraud, several precautions are recommended:

• Avoid Clicking on Suspicious Links: If you receive an SMS indicating a problem with your bank account, do not interact with the provided links. Instead, verify the issue directly through your bank's official channels or mobile app.
• Delete the Message and Warn Others: Immediately delete the suspicious message and inform your contacts to be alert to similar scams.
• Remember Bank Policies: Banks, including CaixaBank, never request personal or financial data via SMS, email, or phone calls.
• Report the Fraud: If you have received or interacted with such a message, notify the relevant authorities and your bank immediately[1].

CaixaBank's Response

CaixaBank has reiterated its commitment to customer security, emphasizing that all important notifications are sent through their official applications and channels. The bank advises customers to remain vigilant and cautious when receiving unsolicited messages that request sensitive information[1].

As the number of cyber scams continues to rise, it is crucial for CaixaBank customers and the broader public to be aware of these threats and take proactive steps to protect their financial security. Stay informed, stay vigilant, and never compromise on the security of your personal and financial data.