They warn about a maneuver to seize bank accounts – Police

The Fiscal Unit Specialized in Cybercrime (Ufeci) warned about a maneuver to steal homebanking users and passwords and seize Banco de Galicia customer accounts through fraudulent email messages.

The Ufeci, in charge of the prosecutor Horacio Azzolin, took complaints from users who received emails on behalf of the bank in which they are asked to enter a link to validate their credentials.

The link leads to an apparently legitimate environment where the theft of the information entered by the victims themselves is configured.

The warning stems from a series of complaints made to that tax unit by people who received a message in their emails with the bank’s logo and colors

The misleading message bases the request for the client’s credentials precisely on security reasons, with different variants, but in all of them a peremptory term is communicated on behalf of the bank -generally 24 hours, after which it is warned that the account will be suspended – to perform the false data validation required.

For example, one of them says: “We are carrying out a data validation process at Banco Galicia that allows us to provide you with security in your transactions. We inform you that you have a period of 24 hours to access your Online Banking through the following link, which allows us to verify your identity, otherwise your bank accounts will be automatically suspended and you will have to go personally to one of our branches”.

Another message, which in its text includes a personalized treatment consigning the email address of the recipient-victim, states: “This is an electronic notification to inform you that your Online Banking has been suspended due to the fact that you have to register your data to comply with the new security changes in our platforms due to several fraud reports, restoring access will only take a few minutes. It is important that you register this requested data within a period not exceeding 24 hours: Otherwise, you will not be able to receive or carry out any type of transaction” (sic).

Also, another email states: “Your Token has been deactivated on your device. To restore access to your account and activate the Token again, please go to the following link.”

Since 2020, various campaigns have been generated to send this type of email to a large number of recipients in the name of different banks or commercial firms, such as digital wallets, email accounts (which once won are used to, in turn, distribute emails of this type) or streaming services such as Netflix.

From the Ufeci it is recommended to always verify the sender’s email address and, if it is not the official one of the bank, assume that it is false.

When in doubt, it is suggested to contact the bank or enter homebanking without following the link sent in the email received or searching for the URL using search engines and enter homebanking from the bank’s official website.

The UFECI also requested that anyone who notices unauthorized access to their account notify the bank and turn to the local authorities to file their complaint.

Leave a Comment