ESET, a leader in proactive threat detection, warns of a phishing campaign that impersonates a well-known bank with a presence in several Latin American countries. Through an email, customers are told that their account has been suspended as a precaution and that it must be reactivated as soon as possible to avoid permanent closure. The email includes a link that supposedly reactivates the account. It is important to mention that, like the customers, the entities impersonated in this type of campaign are also victims of the malicious actors.
Although the email received by users is concise and uses the branding of the entity it claims to represent, it contains several elements that mark it as suspicious. In such cases, ESET recommends that users contact the bank directly to verify the validity of the email, or even to report the deception.
ESET shares the following elements, which serve as an example for analyzing any suspicious or unexpected email that arrives in the inbox:
The sender: As can be seen in this case, although the address includes the name of the financial institution, it does not belong to an official domain but to a mail service external to the bank. That detail alone is enough to consider the communication suspicious and not to follow the steps suggested in the message.
The link: If the user hovers the mouse cursor over the link (on a mobile device, by pressing and holding the button that contains the link without releasing it), the URL they are being invited to visit is displayed without the link being opened. If the address does not match the official website of the bank or of one of its subsidiaries, it is important not to open it.
"Both the sender and the link are fundamental elements of analysis before any email we receive. In this specific case, the elements that we observe in the three previous images should be sufficient to confirm that it is a scam that seeks to compromise, in some way, the security or information of the victim," said Luis Lubeck, IT Security Specialist at ESET Latinoamérica.
A third warning sign, one that should make the user stop, appears in the URL. At the top of Image 4, the address in the browser bar does not correspond to the name of the bank the site claims to represent.
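The sender and link checks described above can be automated. The following is an added example, not code from ESET or from the original article: it compares the sender's domain and every link target against a list of official domains. The domain `bank.example`, the sample message and all function names are assumptions made for illustration, and the message is assumed to have a single HTML body.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

# Assumption: the bank's official domains ("bank.example" is a placeholder).
OFFICIAL_DOMAINS = {"bank.example"}

def is_official(host):
    """True only for an official domain or a genuine subdomain of one."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in OFFICIAL_DOMAINS)

def link_hosts(html):
    """Host of every href target, i.e. what hovering over the link reveals."""
    hrefs = re.findall(r'href\s*=\s*["\']([^"\']+)["\']', html, flags=re.I)
    return [urlsplit(h).hostname or "" for h in hrefs]

def review(raw_email):
    """Return warnings for the two checks: sender domain and link targets."""
    msg = message_from_string(raw_email)
    warnings = []
    _, addr = parseaddr(msg.get("From", ""))
    sender_domain = addr.rpartition("@")[2].lower()
    if not is_official(sender_domain):
        warnings.append(f"sender domain not official: {sender_domain}")
    for host in link_hosts(msg.get_payload()):
        if not is_official(host):
            warnings.append(f"link host not official: {host}")
    return warnings

# Constructed sample: the bank's name appears in the address and in the URL,
# but neither the mail domain nor the link host belongs to the bank.
SAMPLE = """From: "Bank Example" <bank.example.alerts@freemail.example>
To: customer@mail.example
Subject: Your account has been suspended
Content-Type: text/html

<p>Your account was suspended as a precaution.</p>
<a href="https://bank.example.reactivate.example/login">Reactivate</a>
<a href="https://www.bank.example/help">Help</a>
"""

if __name__ == "__main__":
    for warning in review(SAMPLE):
        print(warning)
```

The comparison is made on the full host name from the right-hand side, so an address that merely contains the bank's name on the left is still flagged.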
It is important to analyze these details since, as can be seen in the last image, the site perfectly copies the look of the official electronic banking login page and invites the user to enter their access credentials. A detail that speaks of the level of similarity with the official site is that it includes a message with security recommendations similar to those shown on the legitimate site. Clearly, with the aim of raising as few doubts as possible in the victim, adds Lubeck.
For the analysis, fictitious data was entered, which verified that the campaign only seeks to steal the username and password for electronic banking: once the credentials are entered, the fake site redirects to the official site of the bank in Argentina. At this point, a user who is surprised by the page's behavior and re-enters their credentials on the official site will find that they can log in without problems, never noticing that they handed their credentials to cybercriminals.
Given that the financial sector is one of those most often chosen by cybercriminals for phishing attacks, mainly because of the value of the information obtained, ESET maintains that it is essential for users to stay alert and learn to recognize false messages, so as to avoid opening malicious links received through any messaging system.
If the user thinks the message could be legitimate, it is recommended to access the electronic banking service by other means and verify that everything is in order. If it is not, there will be an alert notification within the site itself.
"It is important that users keep in mind that in the event that a company needs this type of information from its customers, it is most likely that it will publish a statement on its official site or that the message will appear when entering the electronic banking system. No company should request through email the entry of personal data such as passwords, numbers and security codes of credit or debit cards," concludes the specialist.