If you have received an SMS that says “Your ING account has been blocked” , be very careful: you are probably facing a new and dangerous scam to steal your bank details.
The SMS reaches your mobile without prior notice, and if you are an ING customer, it will enter directly into the true SMS thread of your bank . But it is a dangerous scam that redirects to a fake website to get your access codes to ING.
Your ING account has been blocked: watch out for the SMS scam
INGDirect. Your ING [] account has been temporarily blocked . To activate your account you can access safely from… "
The SMS indicates a number that is supposed to be the account number , but of course it does not match, not even with the beginning or the end of the series.
The indicated URL is shortened and we cannot fix on the final address until we have entered the website. This is already a red flag.
And this is where the SMS scam becomes even more dangerous , because the website the scam takes us to is practically identical to the original login page of the ING bank.
The form asks us to fill in the DNI and the date of birth, and then request all the numbers of the access code . This, of course, set off all my alarms, as banks will never be able to request all of your identifying information.
Broadly speaking, the web looks almost identical to the original, but when trying to navigate through its different links, none of them worked . Neither the sections on ATMs, nor the links on the privacy or security policy ...
Also, the footer icons caught my attention because they appeared slightly pixelated , something that is not the case with the original icons on the ING Direct website.
And let's not forget the most important verification that you should always do when dealing with this type of suspicious message: the web security certificate .
In the browser bar, both on your computer and from your mobile, you can click on the padlock that appears next to the URL to consult the certificate information. It is not enough to be on an HTTPS website : you have to verify that the certificate really belongs to the ING bank.
In the case of this scam, all the details were difficult to detect. For example, when accessing from my mobile, the entire URL is not visible on the screen and only “// ingdirect…” is seen, but when entering from the computer it is possible to verify that the full address is “ingdirect-esonline.com ” .
Reviewing all these details, it is clear that SMS scams are becoming more sophisticated , and that this attempt to steal data from ING customers is very dangerous because it is difficult to identify.
How to detect that the alleged ING bank website is a scam
Both in this false notice of an ING account blocked and in any other suspicious message, do not forget to always check the security certificate of the web. And, of course, remember that no bank will ever ask you for all your access data together, not all the numbers of your security code, nor all the codes of your coordinate card.
When in doubt, it is better to contact the Customer Service of your bank to check if there really is a problem.
Also, if you suspect that it is a scam, do not forget to notify the National Police as soon as possible through its Citizen Collaboration section. If you have been a victim of the scam and your data has been stolen, report it immediately to a police station.