The following screenshot is from a fraudulent mail that simulates being sent by the BBVA bank (click on the images to see bigger):
Fake BBVA email
The technique is the usual one, an alleged problem with the account and links to a false page that at first glance seems to be that of the bank. Note the actual destination of the links (red arrow), this can be easily verified by hovering over the links without clicking.
If the victim does not notice this detail, it ends in the following Fake page, designed to steal all information entered:
Bank fake page
Finally, the victims are redirected to the real bank site.
Let's compare the URLs of both sites:
Fake site: http: //www.bbva.web.servicio.***.org/TBSL/tbls/particulares/index.htm
Royal site: https://www.bbva.es/TLBS/tlbs/esp/segmento/particulares/index.jsp
Note that the domain of the actual site is www.bbva.esIt also includes HTTPS at the beginning. The rest of the URL can lead to confusion and attackers play with it, unfortunately many banks have the peculiar way of using URLs complicated and difficult to remember.
Thanks born for the warning.