The site analyzed here is another case targeting Banco Santander Mexico. The first thing we did was obtain the complete phishing package used by the criminal and examine the source files for information about the files and their author.
The ZIP file analyzed is about 1MB and contains part of the bank's actual site, such as images, styles, and other files needed for the data-request part to work. It also contains the PHP files needed to carry out the theft of data and store it on the criminal's site (in this case a compromised server). Here is the ZIP mentioned:
Once the internal structure is known, we begin analyzing each file containing the stolen information. As in the previous case, the first thing we see is the number of visits to the fake site, which in this case is 1,968; if we eliminate the repeated visits, there are 1,047 unique IPs.
Of course, not every visit corresponds to real information, as in this case, where someone left a clear message for the offender:
That said, if we filter the users who entered the site down to those who really entered their personal information and their bank details, we get a chilling number: 132.
People like percentages, so we would say that out of 1,047 users, 132 entered their information. If the math does not fail, this indicates that 12% of the users who entered the fake site also gave their personal data to the criminal. I repeat: a chillingly high and worrying figure.
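An added example, not part of the original analysis: one way to compute the funnel described above (total visits, unique IPs, visitors who really submitted data) from a kit's capture file. The `ip|account|pin` record format, the plausibility rules and the sample records are assumptions constructed for illustration; the page does not show the kit's actual log format.

```python
import re

# Constructed sample records (assumed format: ip|account|pin), not real data.
SAMPLE_LOG = """\
203.0.113.10||
203.0.113.10|56781234|4321
198.51.100.7|no robes, ladron|0000
198.51.100.8||
192.0.2.55|12345678|9876
192.0.2.55|12345678|9876
192.0.2.99|11111111|1111
"""

ACCOUNT_RE = re.compile(r"\d{8,16}")  # assumed account-number shape
PIN_RE = re.compile(r"\d{4}")         # assumed PIN shape


def is_plausible(account, pin):
    """Reject empty fields, free-text messages and single-digit filler."""
    if not ACCOUNT_RE.fullmatch(account) or not PIN_RE.fullmatch(pin):
        return False
    return len(set(account)) > 1  # e.g. 11111111 is treated as junk


def conversion_rate(victims, unique_ips):
    """Percentage of unique visitors who submitted plausible data."""
    return round(100 * victims / unique_ips, 1) if unique_ips else 0.0


def funnel(log_text):
    """Return visits, unique IPs, plausible victims and the resulting rate."""
    visits, unique_ips, victims = 0, set(), set()
    for line in log_text.splitlines():
        parts = [p.strip() for p in line.split("|")]
        if len(parts) != 3:
            continue  # skip malformed records
        ip, account, pin = parts
        visits += 1
        unique_ips.add(ip)
        if is_plausible(account, pin):
            victims.add(ip)  # count each IP once, even if it resubmits
    return {"visits": visits, "unique_ips": len(unique_ips),
            "victims": len(victims),
            "rate_pct": conversion_rate(len(victims), len(unique_ips))}


if __name__ == "__main__":
    print(funnel(SAMPLE_LOG))
    # The page's own figures: 132 of 1,047 unique IPs.
    print(conversion_rate(132, 1047))
```

Only counts are reported; the captured values themselves are never printed.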
The figure generally estimated is that 4% of users enter a fake email. Adding that figure to what was said above, we have:
However, banks and companies maintain that there are no cases of phishing in America. Maybe they need other proof, although I don't know what kind.
Cristian from the Segu-Info Newsroom

