ESET Latin America, a computer security company, warns of a phishing campaign that impersonates a well-known bank operating in Argentina and several Latin American countries and seeks to steal access credentials for its electronic banking system.
ESET, a leading company in proactive threat detection, warns of a phishing campaign that spoofs the identity of a recognized bank with a presence in several Latin American countries. An email deceives customers by warning them that their account has been suspended as a precaution and must be reactivated as soon as possible to avoid permanent cancellation. The email includes a link that supposedly reactivates the account. It is worth noting that, like the customers, the entities impersonated in these campaigns are also victims of the malicious actors.
Although the email that users receive is concise and uses the imagery of the entity it claims to represent, it contains several elements that indicate it may be suspicious. In such cases, ESET recommends that users contact the bank directly to verify the email's validity or to report the deception.
ESET shares the following elements as examples for analyzing any suspicious or unexpected email that arrives in the inbox:
The sender: In this case, although the address includes the name of the financial institution, it does not belong to an official domain but to a mail service external to the bank. That detail alone is enough to treat the message as suspicious and not follow the steps it suggests.
The link: If the user hovers the mouse cursor over the link (on a mobile device, by pressing and holding the button that contains the link without releasing it), the destination URL is shown without the link having to be opened. If the address does not match the bank's official website or that of one of its subsidiaries, it is important not to visit it.
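The sender and link checks described above can be automated. The following is an added example, not code from ESET or from the original article; the allowlist `OFFICIAL_DOMAINS`, the `.example` and `.invalid` domains, and the sample message are constructed placeholders, since the article does not name the bank.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: placeholder allowlist; the article does not name the bank's domains.
OFFICIAL_DOMAINS = {"bank.example"}

# Constructed sample: bank name in the sender's local part and in the link host.
SAMPLE = """From: "Bank Example" <bank.example.alerts@mailservice.example>
Subject: Your account has been suspended
Content-Type: text/html; charset="utf-8"

<p>Reactivate your account to avoid cancellation.</p>
<a href="https://bank.example.reactivate.invalid/login">Reactivate</a>
"""

def is_official(host):
    """True only for an official domain or a true subdomain of one."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in OFFICIAL_DOMAINS)

class LinkCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        # Record the real href target, not the visible link text.
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def review(raw):
    """Return a list of findings for the sender and link checks."""
    msg = message_from_string(raw)
    findings = []
    sender_host = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    if not is_official(sender_host):
        findings.append(f"sender domain not official: {sender_host}")
    links = LinkCollector()
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            body = part.get_payload(decode=True)
            links.feed(body.decode(part.get_content_charset() or "utf-8", "replace"))
    for href in links.hrefs:
        host = urlsplit(href).hostname
        if not is_official(host):
            findings.append(f"link host not official: {host}")
    return findings

if __name__ == "__main__":
    print("\n".join(review(SAMPLE)))
```

The comparison is on the registered domain suffix, so an address or host that merely contains the bank's name is still flagged.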
“Both the sender and the link are fundamental elements of analysis for any email we receive. In this specific case, the elements that we observe in the three previous images should be sufficient to confirm that it is a scam that will seek to compromise, in some way, the safety or information of the victim,” said Luis Lubeck, IT Security Specialist at ESET Latin America.
A third warning sign, which should stop the user from going any further, appears in the URL. At the top of Image 4, the address in the browser bar does not correspond to the name of the bank the site claims to represent.
“It is important to analyze these details since, as can be seen in the last image, the site perfectly copies the image of the official page to access electronic banking and invites the user to enter their access credentials. One detail that speaks of the level of similarity with the official site is that it includes a message with security recommendations similar to those shown on the legitimate site, clearly with the aim of raising as few doubts as possible in the victim,” adds Lubeck.
For the analysis, fictitious data were entered, which showed that the campaign only seeks to steal the electronic banking username and password: once the credentials are entered, the fake page redirects to the bank's official site in Argentina. At that point, a user who is surprised by the page's behavior and re-enters their credentials on the official site will be able to log in without problems, never noticing that they have handed their credentials to cybercriminals.
Given that the financial sector is one of those most frequently chosen by cybercriminals for phishing attacks, mainly because of the value of the information obtained, ESET maintains that it is essential for users to stay alert and learn to recognize false messages so that they avoid opening malicious links received through any messaging system.
If the user suspects that the message could be legitimate, the recommendation is to access the electronic banking service by other means and verify that everything is in order. If it is not, an alert notification will eventually appear within the site itself.
“It is important that users bear in mind that if a company needs this type of information from its clients, it is most likely that it will publish a statement on its official site or that the message will appear when entering the electronic banking system. No company should request by mail the entry of personal data such as passwords, numbers and security codes of credit or debit cards,” concludes the specialist.