The Fiscal Unit Specialized in Cybercrime (Ufeci) warned about a maneuver to steal homebanking users and passwords and seize Banco de Galicia customer accounts through fraudulent email messages.
The Ufeci, in charge of the prosecutor Horacio Azzolin, took complaints from users who received emails on behalf of the bank in which they are asked to enter a link to validate their credentials.
The link leads to a legitimate-looking environment where the theft of the information entered by the victims themselves is configured.
The warning stems from a series of complaints made to that tax unit by people who received a message in their emails with the bank’s logo and colors
The misleading message bases the request for the client’s credentials precisely on security reasons, with different variants, but in all of them a peremptory term is communicated on behalf of the bank -generally 24 hours, after which it is warned that the account will be suspended – to perform the false data validation required.
For example, one of them says: “We are carrying out a data validation process at Banco Galicia that allows us to provide you with security in your transactions. We inform you that you have a period of 24 hours to access your Online Banking through the following link, which allows us to verify your identity, otherwise your bank accounts will be automatically suspended and you will have to go personally to one of our branches”.
Another message, which in its text includes a personalized treatment consigning the email address of the recipient-victim, states: “This is an electronic notification to inform you that your Online Banking has been suspended because you have to register your data to comply with new security changes on our platforms due to several fraud reports, restoring access will only take a few minutes. It is important that you register this requested data within a period of no more than 24 hours: Otherwise, you will not be able to receive or perform any type of transactions” (sic).
Especially since 2020, various campaigns were generated to send this type of email to a large number of recipients in the name of different banks or commercial firms, such as digital wallets, email accounts (which once won are used to, at their time, distribute emails of this type) or streaming services such as Netflix.
From the Ufeci it is recommended to always verify the sender’s email address and, if it is not the official one of the bank, assume that it is false.
When in doubt, it is suggested to contact the bank or enter homebanking without following the link sent in the email received or searching for the URL using search engines and enter homebanking from the bank’s official website.
The UFECI also requested that anyone who notices unauthorized access to their account notify the bank and turn to the local authorities to file their complaint.