SMS phishing of BBVA customers: massive campaign to steal credentials
Natàlia Homs
Recently, many users have received SMS messages, supposedly sent by BBVA, reporting “improper access” or the blocking of their account and urging them to reactivate it through a link or telephone number. But beware: this is a case of phishing, a scam that impersonates legitimate entities in order to steal data or money. The financial institution itself has confirmed that the messages are fraudulent, so extreme caution should be exercised.
What does the fraudulent message contain?
The SMS warns of “improper access from an unrecognized device” or of the blocking or deletion of the account, in an attempt to put pressure on the user.
It includes a link or a telephone number with the Spanish prefix +34 so that the recipient can “reactivate” their account or get in touch if they don't recognize the alleged access.
The sender appears as BBVA, but the URL does not belong to the bank's official domain. An analysis with security tools classified this website as “phishing”.
How we know it's a fraud
BBVA has told fact-checking media that it never sends SMS messages or emails containing links or contact numbers to warn of alleged improper access or to reactivate accounts.
The messages contain misspellings, an alarmist tone and unjustified urgency, all typical characteristics of phishing campaigns.
The misleading pages have been analyzed by malware and phishing detection services, which confirmed that they are dangerous.
How these financial phishing campaigns operate
Cybercriminals who impersonate banks such as BBVA use increasingly sophisticated infrastructures to multiply the reach of their attacks. They tend to register domains that mimic the original ones, use mass SMS messaging gateways and precisely replicate the interfaces for accessing online banking. The goal is not just to steal credentials: in many cases they seek to obtain verification codes, second keys or enough information to initiate fraudulent transfers in a matter of minutes.
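The domain check behind "the URL does not belong to the bank's official domain", as an added example that is not part of the original article. It assumes `bbva.es` and `bbva.com` as the official domains (the article does not name them), and the sample messages and `.example` hosts are constructed.

```python
import re
from urllib.parse import urlsplit

# Assumption: the bank's official registrable domains (not named in the article).
OFFICIAL_DOMAINS = {"bbva.es", "bbva.com"}
BRAND = "bbva"

# Links with or without a scheme, and Spanish (+34) nine-digit phone numbers.
URL_RE = re.compile(r"(?:https?://)?(?:[a-z0-9-]+\.)+[a-z]{2,}(?:/\S*)?", re.I)
PHONE_RE = re.compile(r"\+34[\s.-]?\d(?:[\s.-]?\d){8}")

def host_of(url):
    """Return the lowercase host, ignoring any user@ prefix and trailing dot."""
    if "://" not in url:
        url = "http://" + url
    return (urlsplit(url).hostname or "").rstrip(".").lower()

def is_official(host):
    """Exact match or true subdomain only: 'bbva.es.x.example' must not pass."""
    return any(host == d or host.endswith("." + d) for d in OFFICIAL_DOMAINS)

def analyze_sms(text):
    """List (indicator, reason) pairs for the traits the article describes."""
    findings = []
    for match in URL_RE.finditer(text):
        host = host_of(match.group(0))
        if is_official(host):
            continue
        reason = ("brand name in non-official host" if BRAND in host
                  else "link to non-official host")
        findings.append((host, reason))
    phone = PHONE_RE.search(text)
    if phone:
        findings.append((phone.group(0), "callback number in alert"))
    return findings

# Constructed sample messages (not taken from the real campaign).
SMS_FAKE = ("BBVA: Acceso indebido desde un dispositivo no reconocido. Reactive "
            "su cuenta: https://bbva-seguridad.example/login o llame al +34 600 000 000")
SMS_CLEAN = "BBVA: su codigo de firma es 123456. No lo comparta."

if __name__ == "__main__":
    for sms in (SMS_FAKE, SMS_CLEAN):
        print(analyze_sms(sms) or "no indicators")
```

Matching on the suffix `"." + domain` rather than on a substring is what rejects hosts that merely contain the brand or place the official domain in a subdomain label.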
What to do if you receive one of these SMS messages
Don't click on any links or call the number that appears in the message.
Always verify through official channels: the bank's app, or its website by typing the URL manually.
If you've already opened the link or shared data, contact your bank immediately and check your account for unusual transactions.
Always activate additional security measures such as two-factor authentication (2FA) and keep your system up to date.
Protect your bank against phishing
If you want to protect your digital security, keep your data safe and detect impersonation attempts before they cause harm, at Apolo Cybersecurity we can help. Audits, training and proactive strategies are the best defense. Don't wait for cybercriminals to launch the next attack: bolster your security today.