The security company ESET has reported on its website that, in the last few hours, spam emails have been circulating that pretend to be sent by Banco República, or BROU.
Attackers seek to steal account access credentials. When you click on any of the links in the following fake email, you end up on a fake page that looks like the bank's; when victims enter their data, they are actually sending it to cybercriminals.
Although it is a classic phishing attack, misspellings included, it is not common for this bank's clients to be the target, and that is why the campaign can be quite effective: many users have possibly never faced a similar attack. In addition, it is not difficult to get a database with thousands of email addresses belonging to users and companies in the country, so thousands of people could receive the fake messages and fall into the trap.
As a general rule, it is always recommended to avoid clicking on links in unsolicited emails. If you want to access your bank account, always type the address manually in the browser and never access it through links.
On the ESET page you can find more information and screenshots of the attack.
Update 10/11 9:00:
Investigating the case, I found that they are using the same phishing kit with various banks. The attack on BROU seems to have been in operation for a few days; in the following screenshot you can see that the phishing files were last modified on October 7:
Phishing kit on a compromised server
I also came across a text file where all the stolen data is being saved: victims' usernames, passwords and IP addresses. In the following screenshot you can see the record of a login I made on the phishing page; the user 12345678 and the password maracas are obviously false:
Data stolen by attackers
The file is updated every time a victim falls into the trap; unfortunately, there was data from several people. Of course, I did not enter anyone's account, but it was clear that the data was real.
The good thing, as ESET comments, is that an electronic key is needed to make money transfers, and with this data they cannot do that. However, they do have access to a lot of personal information that may be useful for future attacks. The fake pages are currently blocked by most anti-phishing filters, but they can be changed without major complications.
If you know someone who uses the online services of Banco República, share this information so they don't fall for it!
See also: Phishing from Banco Bandes Uruguay. Phishing for Uruguayans, double recharge of Ancel.