Banco Santander's Urgent Alert to Thousands of Customers: Be Very Careful When Making This Gesture

Banco Santander is one of the most important banking entities in Spain. With millions of customers and a strong digital presence, the entity has bet on online banking to offer fast and efficient service.

However, its notoriety also makes it a recurring target for cybercriminals. These criminals seek to take advantage of the trust that users place in their bank to carry out increasingly sophisticated frauds.

Recently, they have warned about a scam targeting Banco Santander customers. In this fraud, they use fraudulent emails to deceive victims and steal their credentials.

Banco Santander, victim of a new scam

The cybersecurity company ESET has detected a fraud campaign using the identity of Banco Santander, and also Repsol. In this case, the strikers have resorted to a type of malware known as Snake Keylogger, specifically designed to capture access credentials to various online services.

The deception begins with the sending of fraudulent emails that appear to be official communications from the bank. These messages usually include logos to give the impression of authenticity, causing many to fall into the trap without suspecting anything.

The emails warn the victim about an outstanding invoice or a supposed budget review. By opening the attached file, the user unknowingly initiates the download of the malware. In a few minutes, the system is compromised, and criminals can access credentials stored in browsers and other systems.

This stolen information includes banking data, access to email accounts, VPN, cryptocurrency services. And even online entertainment platforms.

An increasingly sophisticated fraud method

Cybercriminals have perfected their techniques to avoid being detected by security filters. One of the key points of this scam is that fraudulent emails aren't always sent from suspicious addresses. In many cases, strikers use legitimate accounts that have been previously compromised, allowing them to evade spam detection systems during the first few hours.

Additionally, these emails feature a professional design that mimics the bank's official communications. At first glance, they may seem authentic messages, but there are certain details that can reveal the fraud.

The consequences of falling into the trap

When a user executes the malicious attachment, the malware installs on their device and begins to silently collect information. Snake Keylogger is responsible for recording every keystroke, allowing strikers to obtain usernames and passwords without the victim noticing.

The stolen credentials can be used in multiple ways. In some cases, criminals access bank accounts and carry out fraudulent transactions.

In others, they sell the data on the dark web to other cybercriminals, who use it to launch new attacks. They can also use this information to try to access other services associated with the victim's email.