Wave of phishing attempts to impersonate Banco Santander

Over the last few weeks there has been a massive phishing campaign attempting to deceive users by posing as Banco Santander.

An email message makes us believe that we have some pending action and offers a link that supposedly takes us straight to the bank's login page. Of course, the link takes us to a page that pretends to be the bank's, but that is really FALSE.

This is the mail that is massively being sent out.

The message specifically says:


We want to inform you that you have a new update.

Check your email by clicking on the link below:

Consult the inbox

Thanks to not answering this message, you will not have to answer.
Please, use our “Contact” section on our website.



If we click on the link provided, we arrive at a web page that perfectly simulates that of Banco Santander and asks us to enter our username and password. The purpose is to steal these credentials and access our account with ease.

We can tell that the page is false if we look at the web address or URL, marked in red in the image.

There we see that it does not look at all like the correct address, which would be “https://www.bancosantander.es”, nor does it have any relation to the name of this bank.

The impersonation is of very good quality. Not only do they perfectly mimic the look of the page we may be used to seeing, but the security badge, “https://”, even appears in green.

That part of the address is meant to show that the page is secure. Apparently they have been able to register it as such, or have tricked the system so that it appears even though the page is not secure.

We see, therefore, that although it is generally a good indicator of the security of a web page, we should not rely on it alone: we should also check the address or domain itself.
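
The check described above, written as an added Python example that is not from the original article: it ignores the padlock and the look of the page and compares the link's real host with the address the article gives as correct. The function name, the single trusted domain and the sample links are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# The address the article gives as correct; treating it as the only
# trusted domain is an assumption of this example.
EXPECTED_DOMAIN = "bancosantander.es"


def link_problems(url, expected=EXPECTED_DOMAIN):
    """Return a list of reasons not to trust `url`; an empty list means the
    link really points at `expected` (or a subdomain of it) over HTTPS."""
    problems = []
    try:
        parts = urlsplit(url.strip())
        # hostname is lower-cased by urlsplit; drop a trailing root dot.
        host = (parts.hostname or "").rstrip(".")
    except ValueError:
        return ["URL cannot be parsed"]

    if parts.scheme != "https":
        problems.append("connection is not HTTPS")
    if parts.username is not None:
        problems.append("text before '@' is not the host, it only looks like one")
    if not host.isascii() or any(label.startswith("xn--") for label in host.split(".")):
        problems.append("host contains non-ASCII or punycode characters")
    # Exact match or a true subdomain; a bare endswith(expected) would also
    # accept a different registration such as "notbancosantander.es".
    if host != expected and not host.endswith("." + expected):
        problems.append(f"host '{host}' is not {expected}")
    return problems


# Constructed sample links (the .example hosts are placeholders, not real sites).
SAMPLES = [
    "https://www.bancosantander.es/login",
    "http://www.bancosantander.es/login",
    "https://bancosantander.es.clientes.example/login",
    "https://clientes.example/www.bancosantander.es/login",
    "https://www.bancosantander.es@clientes.example/login",
]

if __name__ == "__main__":
    for link in SAMPLES:
        found = link_problems(link)
        print("OK    " if not found else "REJECT", link, "; ".join(found))
```

Only the first sample passes: the others either lack HTTPS or carry the bank's name somewhere other than the host that the browser actually connects to.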

Massive campaign

In our own inboxes we have received more than 20 of these deceit attempts within one or two weeks. Such is the intensity of the surge that even the bank itself has put a notice on its own page to warn all customers when they access their account.

Advice to be forewarned

  • As we explained above, we must check the Internet address or URL of the pages we visit and confirm that we have reached the expected domain.
  • Pay attention to suspicious emails. Although it is not the only source of phishing, email is the most frequent one. We must distrust almost any email that contains a link leading to a page where we are asked to enter personal data. We should trust it only if we know exactly why it takes us there and we can see that it is the page we expect.
  • Phishing attempts can reach us through many other channels, since links can be sent today through many other messaging services, such as WhatsApp, Messenger, SMS and any social network that we use.
  • Secure pages in bookmarks. If we regularly access pages where we are asked for credentials, such as our bank, the most prudent thing is always to open them from our own shortcuts, previously saved in bookmarks or favorites, having made sure they are the genuine ones. Never use external links to access these types of pages.
  • Keep the browser updated and, if possible, use Chrome, which responds more quickly to complaints from users, blocking the fraudulent pages by means of a warning message.
  • Report to the specialized channels of the Police when we witness or are victims of a case, for example at this email address provided by the Police of Spain: fraudeinternet@policia.es. Using the mechanisms for reporting the phishing attempts we receive helps to combat them. In addition to the Police email address, it is also advisable to use the form that Google makes available to all users to report this type of page.