We have reported a case of Phishing to Banco Popular de República Dominicana.
The fake email takes the user to a site that has been previously violated and as always shows the fake page where it is easy to appreciate that of course it is not the Bank:
This case has an interesting particularity: if in the form if data that has already been entered (stolen) previously is entered, the site communicates that those data are not valid and that others must be entered.On the other hand, if real data is entered, the user is informed that the account has been deactivated and that to reactivate it the data of the complete coordinate card must be entered:
Then, this information is requested, being 40 the fields to be completed:
That is to say that at this moment the criminal is made with the access data (user and password) and the coordinate card necessary for the realization of bank transfers. Once the information theft has been successfully carried out, the user is informed that he can now use his homebanking account again:
And then he is redirected to the real site of the bank, to avoid any suspicion.
Like any case of Phishing, it has no surprise but the incredible thing is that there are people who still ask or do not know how these frauds work, which without going any further I happened yesterday at an event: they have asked me what is phishing? and when I show them these real cases they have been looking at me with a astonished face.
Yes, the situation is worrying and that is why the need to inform.
Update: As always dese Segu-Info we have already reported the case to proceed with its cancellation.
Cristian from the Segu-Info Newsroom
Leave your comment