A phishing campaign targeting Banco Sabadell users in Spain employs SMS and email, mimicking a security update to steal credentials and Digital Signature (Firma Digital) codes. The attack uses lookalike domains, such as sabadell-online-seguridad.net or acceso-bancosabadell.com, to redirect victims to a Man-in-the-Middle site designed to harvest login data and authorize fraudulent transfers in real-time.
Incident Report: This spoofed page was intercepted, verified, and locked down firsthand by the
Antiphishing.bizsecurity team during our automated link scanning workflows. To protect the public, the hostile origin link has been safely deactivated within our infrastructure. We document and analyze these live visual patterns to help security researchers and users detect replica fraud techniques before financial damage occurs.
A Sabadell Bank phishing campaign uses SMS-based social engineering to falsely warn customers of a blocked account, directing them to a fake, pixel-perfect site designed to steal login credentials and digital signatures in real-time. This sophisticated scam tricks users into entering their app-generated security codes to authorize unauthorized wire transfers. Users are advised to avoid clicking links in SMS messages and only use official app channels.
This Banco Sabadell phishing case highlights a real-time Man-in-the-Middle attack, where criminals use urgent smishing tactics to steal credentials and SMS OTP codes instantly to authorize fraudulent transactions. Users must understand that SMS security codes are used for authorizing transactions, not for logging in, and that banks never send login links via text. To protect accounts, always log in manually via the official website and carefully read the purpose of every SMS code before entering it.