The following are two typical examples of bank phishing. It all starts with a fraudulent email that pretends to come from the bank and asks the recipient to carry out some action. The attackers' objective is to obtain the account details in order to steal money, make online purchases, finance other crimes or sell the information.
The first example seeks to deceive bank customers with a supposed prize of 200 that will be credited to the account:
When you hover over the link you can see that the destination is not the bank's page, but a strange page. Victims who access it find a design similar to the real one, so they do not suspect anything and enter their bank details:
Once a username and password are entered, the scammers also request all the card information, with the excuse that the money will be credited in 24 hours:
Note the URLs in the browser in both screenshots: they are not those of the bank, nor do they include HTTPS. These are two clear signs that something strange is happening.
The social engineering they use to deceive users is also interesting: who would not like to receive 200 as a gift? Many people, on seeing an email like this, would not hesitate for a second to enter their data, either because of the excitement of being one of the winners or because they are not familiar with how these attacks work.
Second example, phishing with attached form:
Carlos sent me this case from Mexico. The hook is more classic: a supposed problem with the account, which must be restored by following instructions:
As you can see in the screenshot, the email includes an attached form.htm, which is used to steal the data. You will also notice the misspellings in the message, another typical sign of phishing emails.
When the victim downloads the form and opens it, they find the following:
The technique of sending attached forms allows them to circumvent anti-phishing filters: since the page loads locally (from the hard disk) and simply sends the information to the attacker's server, it is more difficult to block. As in the previous example, they seek to steal the credit card information.
Attacks like these are very common and, as we have seen, not difficult to detect: just pay attention to the emails and think twice before taking any action, such as clicking on links, opening an attachment or providing personal information.
Will you be able to detect these deceptions? Do you know people who could fall into them?
See also: Phishing from Banco República (Uruguay). Common sense prevented fraud (example of phishing on an infected PC).