Nato sends me another example of bank phishing related to the Credit Bank of Peru, it is similar to the one discussed last week, although this time the hook is a supposed extraneous activity of the account for victims to confirm their data:
The interesting thing about the case is that the false URL used for the attack is quite similar to that of the real bank, which can lead to confusion.
This is the false address:
http: // bcpzonasegura .bcpzonasegura .in / bcp / OperacionesEnLinea / (false)
And this is the real address:
https: //bcpzonasegura.viabcp.com/bcp/OperacionesEnLinea (real)
Although the real site includes HTTPS at the beginning, the rest of the URL is somewhat confusing in both cases and that is exactly what cybercriminals take advantage of to cheat. Always check that a bank's page has HTTPS when entering sensitive data, but also keep in mind that attackers could include https in the false address, since it is simply enough to buy an SSL certificate for the Mastery and it is something that can be done for a few dollars.
The best way to avoid these phishing attacks is with common sense and good practice. Account problems? Ok, I call the bank and find out. An email with attachments, request my information or do you have a link to enter them? Sure it is false, banks do not send that kind of messages, I better discard it and enter the account by typing the address manually in the browser.
Other steps that can be taken:
There is a possibility that the computer is infected and in that case, even if the address is entered manually in the browser, it could end up on a false page (see examples here and here), in addition, the information entered could be being captured with keyloggers. That is why it is not recommended to access online banking from foreign computers, the ideal is to do it on a secure computer and some even recommend always access with a Live CD to make sure.
On the other hand, it is also not recommended to access through shared connections, such as WiFi in a café. It is possible that a scammer is monitoring the network to steal information and user sessions.
Note: the false address discussed in the post has already been reported, try not to enter.