The financial entity specializing in cybercrime (Ufeci) warned about a maneuver to steal HomeBanking users and passwords and seize Banco de Galicia customer accounts through fraudulent email messages.
Prosecutor Horacio Ezzolin, in charge of Ufassi, took complaints from users who had received emails from the bank asking them to enter a link to verify their credentials.
The link leads to an apparently legitimate environment where the theft of information entered by the victims is self-configured.
The warning stems from a series of complaints made to that tax entity by people who received a message in their email with the bank’s logo and colours.
The misleading message bases the request for customer credentials precisely, for security reasons, with different forms, but they all involve a permanent word communication from the bank – usually 24 hours, After which a warning is given that the account will be suspended. – Required to perform incorrect data validation.
For example, one of them says: “We at Banco Galicia are carrying out a data verification process that allows us to provide you with security in your transactions. We inform you that you have access to your online banking.” There is a 24-hour period for the following link, which allows us to verify your identity, otherwise your bank accounts will be automatically suspended and you will have to visit one of our branches in person”.
Another message, the text of which includes a personalized treatment sending to the recipient-victim’s email address, said: “This is an electronic notification to inform you that your online banking has been suspended because you Your data must be registered to comply with the new rules. Security changes to our platform due to multiple fraud reports, restoring access will only take a few minutes. It is important that you submit this requested data within a period not exceeding 24 hours Do not register: otherwise, you will not be able to receive or perform transactions of any kind” (sic).
Especially since 2020, various campaigns were devised to send these types of emails to a large number of recipients in the name of various banks or commercial firms, such as digital wallets, email accounts (which were once won, Used to deliver their timely) these types of emails) or streaming services such as Netflix.
From Ufeci it is recommended to always verify the sender’s email address and, if it is not official of the bank, assume that it is false.
When in doubt, it is suggested to contact the bank or enter homebanking without following the link sent in the email received or search for the URL using a search engine and enter homebanking from the bank’s official website.
UFECI also requested that anyone who notices unauthorized access to their account, inform the bank and approach the local authorities to register their complaint.