Friday, August 05, 2022 – Updated at: 09:45hs. from 05-08-2022
The Fiscal Unit Specialized in Cybercrime (UFECI), in charge of the prosecutor Horacio Azzolin, issued a new warning following a phishing maneuver (seizure by deception of personal data) aimed at taking control of Banco de Galicia’s home banking accounts.
The warning stems from a series of complaints made to that fiscal unit by people who received a message in their emails with the bank’s logo and colors asking them to enter a link provided in the same email where they should consign your username and password in an environment similar to the real one with which the entity’s clients operate. That is where the theft of personal data takes place, because once the client enters their credentials (username and password), the people hidden behind the false message can access the bank accounts and take control of them to carry out operations.
The misleading message bases the request for the client’s credentials precisely on security reasons, with different variants, but in all of them a peremptory deadline is communicated on behalf of the bank -generally 24 hours, after which it is warned that the account will be suspended- to carry out the false data validation required.
For example, one of them says: “We are carrying out a data validation process at Banco Galicia that allows us to provide you with security in your transactions. We inform you that you have a period of 24 HOURS to access your ONLINE BANKING through the following link, which allows us to verify your identity, otherwise your bank accounts will be automatically suspended and you will have to go personally to one of our branches”.
Another message, which in its text includes a personalized treatment consigning the email address of the recipient-victim, states: “This is an electronic notification to inform you that your ONLINE BANKING has been suspended because you have to register your data to comply with new security changes on our platforms due to several FRAUD complaints, restoring access will only take a few minutes. It is important that you register this requested data within a period not exceeding 24 hours: Otherwise, you will not be able to receive or perform any type of transactions” (sic).
These types of maneuvers aimed at the theft of personal data are not new. It usually changes the façade used to present itself to different groups of victims. Especially since 2020, various campaigns have been generated to send this type of email to a large number of recipients in the name of different banks or commercial firms, such as digital wallets, email accounts (which once won are used to, at their time, distribute emails of this type) or streaming services such as Netflix.
From the UFECI it is recommended to always verify the sender’s email address and, if it is not the official one of the bank, assume that it is false. When in doubt, it is suggested to contact the bank or enter homebanking without following the link sent in the received email or searching for the URL using search engines. For example, a good practice is to access home banking from the bank’s official website.
The UFECI also requests that anyone who notices unauthorized access to their account notify the bank and resort to the local authorities to finalize their complaint.