SMS

We will increasingly see more “verified” SMS against fraud. The important thing is to understand how they really work

by

We live watching our cell phones and what appears on their screen, from a notice from the bank to a code to authorize a payment. This dependency has turned the text message into fertile ground for deception, with campaigns of smishing that imitate well-known companies and sneak into conversations that seem legitimate. The problem is not only technical, it is trust: distinguishing at a glance who is really on the other side. For years, SMS has treated legitimate and fraudulent messages equally, and that neutrality is exactly what attackers exploit. Malicious campaigns detected in Spain show how names and formats of known entities are copied to gain the trust of the recipient. These messages are designed not to raise suspicion. And often, when doubt arises, it is too late to react. Say ‘hello’ to verified messages. Faced with the erosion of trust in traditional SMS, the industry has chosen to reinforce the identity of the sender instead of placing all responsibility on the user. Verified messages introduce a relevant change: they make visible whether a company has been recognized as legitimate before the message reaches the mobile. Supported by the RCS protocolthese messages add a name, logo and verification indicators with the intention of reducing one of the main weapons of fraud, confusion about the real origin of the message. BBVA. This is how it looks on mobile. In Spain, BBVA has been one of the first large banks to show this change visibly for the user. On Android, the bank’s official messages are identified with its name and logo, accompanied by an indicator that indicates them as an official channel. By clicking on that logo, the user can verify that the associated data, such as the telephone number or website, match those of the bank. Furthermore, these communications arrive in a different thread than traditional SMS, precisely to prevent them from being mixed with fraudulent messages. Bankinter has also taken the leap. Bankinter has partnered with Telefónica to distribute verified messages. The entity explains This will improve the security of “critical communications”, such as single-use codes for transfers or online payments. Here we will also find the sender verification confirmation, the official logo and additional information such as the website and a telephone number. How verification works. Behind that visible badge there is a process much less obvious to the user. The standard defined by the GSMA establishes several preliminary stages before a company can send a single verified message. First, the entity must register its identity, with a specific name and logo, and submit it to external certification by a third party that validates that the entity can use that name and logo. This validation is not enough on its own: the authority that issues it must be included in the trusted list of the recipient’s operator. Without that complete string, the check simply doesn’t show. Who verifies who. Here the so-called Verification Authorities come into play as third parties in charge of validating that a company is who it says it is before it can send verified messages. That role may fall to private companies specialized in digital verification, mobile operators or even government entities, depending on the deployment and the country. Afterwards, it is the user’s operator who decides whether they trust that authority, something that is sometimes reflected visibly in the message itself, as occurs in an official Bankinter example, where the system indicates that the verification has been carried out by Movistar. The final verification occurs when the message reaches the phone. According to the GSMA standard, the messaging app automatically downloads the sender’s profile and runs a series of technical checks before displaying any badge. It is checked that the signature is still valid, that the authority that issued it is accepted by the user’s operator and that the data has not been altered. Only if everything fits does the verification indicator appear; If something fails, the message loses that appearance of legitimacy. Does it work on iOS and Android? This scheme is not exclusive to Android. Apple added support for RCS as a carrier service starting with iOS 18, allowing you to send and receive messages with advanced features when not using iMessage. In practice, the behavior is the same: if the operator supports RCS and the standard is implemented, the system can display the name, logo and indicators associated with the sender. Without this support from the operator, the message returns to the familiar terrain of SMS or MMS, without additional verification signals. For the user, the practical learning is simple: a verified message offers more context and more clues than a conventional SMS, but it does not eliminate the need to remain cautious. Knowing that there is a technical process behind that distinction helps us better interpret what reaches our mobile phones and be wary when something does not match. However, in an environment where malicious actors never sleep, caution remains essential. Images | Vitaly Gariev | BBVA | Bankinter | Gemini 3 Pro In Xataka | Cybersecurity experts by day, cybercriminals by night: how two professionals fell after using ransomware

Calls and SMS pretending to be our bank are the past, scams with AI cloned voices are the future: Crossover 1×26

by

Scams are a lifeless thing. They surround us and they flood us because we have never been more connected and more distracted. And scammers and hackers know this and try to get more out of it. And that’s how it goes for us. We talk precisely about that reality in this episode in which Jaume Lahoz has as a special guest Maria Aperadoran expert in cybersecurity and criminology, and who makes an exhaustive review of the techniques that are most used to scam us. The ones before, and the ones now. Thus, it tells us about banking scams and identity theft, but also about the danger that the user faces when they install fake applications or when they resort to pirated software and broadcasts: in many cases, saving some money to watch a match or be able to play a video game can make let’s install some malware without realizing it and, of course, ending up being very expensive. But all these methods are now added the danger posed by artificial intelligencewhich allows cybercriminals to attack more and better than ever. especially with deepfakes and cloned voices that can end up convincing us… and ruining us. There are, of course, ways to protect yourself and to avoid possible scares. María Aperador tells us about all of them and opens a door to hope. As that one said, be careful out there. On YouTube | Crossover

Google is even the noses of the fraud by SMS and calls. Android’s new functions are going to hunt

by

Important day for Android and consumer technology. Google has made official some of the changes that will arrive with Android 16. Among them, Material 3 Expressivethe new design language that will land this 2025. In addition to changes in the interface, Google wanted to focus on security and privacy. To do this, it opens a good number of functions that will land in the coming months. Protection against fraudulent SMS. It is more than probable that, in recent months, you have arrived some SMS that promised to be from a telephone company, parcel company or the like. The detection of Scams in Google messages will improve with Android 16and Android will notify in real time of possible fraud. Within the messages itself, the system will notify us when a message is suspicious of fraud: identity supplant, scams related to cryptocurrencies, fraudulent billing … This analysis will be carried out in a 100% local way within the device, so that nothing that comes to us will be processed in the cloud. Also in calls. Google has been doing something very well for years: Filter suspicious spam calls. However, sometimes this is not enough to protect the user. With Android 16, there are certain actions that cannot be made during calls. The objective is to prevent scammers from asking the user to make behaviors that play against them (change security settings, modify some aspects of the system, etc.) during a call. In other words, Android will not only have protection against spam. He will also have it against the SCAM: the various scams that are so on digital roads. Key Verifier. Another of the new tools that lands in the new version of Android is Key Verifier. This is focused on combating fraud due to impersonation of identity, and will allow us to verify the identity of the people with whom we communicate through public encryption keys. Through a QR code it will be possible to verify that the contact is verified in the Google messages app, since its keys must coincide with those assigned. It is a great solution to the popular problem of Sim Swapping, in which they replace our identity by passing through our telephone number. This measure is not linked to Android 16. It will arrive from summer to all devices that have Android 10 or higher. Anti -theft protection. Google premiered interesting Anti -theft functions not too muchand now he wants to take a twist. Safety measures will be reinforced in sections such as the factory reset of a device. It will no longer suffice to know the mobile key, it will also be possible to add an additional layer through a security question. In the same way, this will apply to the remote device block, to minimize the possibility that an attacker can make changes to our mobile if he has had access to any of his keys. Find Hub. Do you remember Find My Device? Well, you can forget him. This Google service evolves to Find Hub, the natural evolution of the app to track our devices. With Find Hub we will have more unified locations not only of objects, but of the contacts that we add to our network, as well as the objects that carry tracking devices such as Tile, Moto Tag and others. Security protection. To finish strengthening system safety, the device protection function arrives. This is a function in which the apps will be informed that it is active, to avoid the temptation to access our information. What exactly do you? While active, anti -theft functions, memory optimizations and applications against possible bugs and errors that can be exploited, network connection protection to avoid insecure websites, and the aforementioned messaging and SCAM options will always be operational. With these fu Image | Google In Xataka | Android anti -theft protection: What is it, what functions it has and how to activate it on your mobile

Log In

Forgot password?

Forgot password?

Enter your account data and we will send you a link to reset your password.

Your password reset link appears to be invalid or expired.

Log in

Privacy Policy

Add to Collection

No Collections

Here you'll find all collections you've created before.