A method widely used by cybercriminals from all over the world is the creation of websites false that impersonate those of recognized companies offering products or services, there they have access to the personal information and banking of the users in a very simple way.
These delinquents have implemented the ability to fake to their resource list websites of banks to have direct access to the information personal banking, including access keys to savings accounts in order to extract money of them.
According to the cybersecurity company, ESETa set of cybercriminals came to develop a website supplanted the identity of Itau Bankan entity that has a presence in several Latin American countries and whose image was used by these bad users to attack the savings of users of Brazil and of Argentinawho were affected by this page.
How cybercriminals tricked users
Like any other hoax in which the identity of a company or official government entity, cybercriminals created a new website very similar to the official one, but the url of this new page included an additional letter in the name. Instead of being Itaú, the criminals wrote “Itaur”a barely perceptible difference for users who do not pay attention to this type of detail.
On the other hand, this minimal difference could have allowed this page fraudulent to be positioned among the first search results in Google in form of advertisement.
According to ESETthe aesthetic and functional similarity generates that users do not hesitate to enter their Bank data to access the platform customers. After this procedure, the criminals activate a verification countdown of approximately 30 secondstime that is used by criminals to verify that the data is correct in the real system of the banking entity.
Furthermore, to circumvent the two factor authentication If the data is correct, a screen is also displayed requesting a code additional verification that the user will be providing to the criminals without knowing it.
After infiltrating the user’s account, the criminals display a new screen stating that the web page is unavailable to prevent the customer from realizing that they have fallen into the cheated. It also shows the Url address of the bank branch in Argentina requesting that an attempt be made to enter from that platform, but this will already be too late because the delinquents will have already accessed savings of the users.
In the case of the version of the hoax for bank customers in Brazilthis is aimed at people who access a fake url from an email that would be linked to a campaign of phishing which is also supplanting the identity from the bank.
In a statement, Banco Itaú reported: “The site was reported in a timely manner and was immediately removed. The channels are not being affected. At Itaú we constantly campaign to raise awareness so that our clients do not fall for any kind of scam.”
For the cybersecurity company, users of this type of platforms should be alert to possible scams of this type to prevent the loss of savings. To do this, people must pay close attention to what kind of page Web visit and if the address is correctly written.
It is also indicated that all websites Legitimate cookies include a security certificate provided by the web browser. Google Chrome and that can be found to the left of the Url address. With regard to contacts with the bank, it is advisable to use the links and accesses that are provided in the official social networks of these institutions.
Keep reading:
