The clients of the Bank of Credit of Peru (BCP) are receiving false emails that simulate being sent by the entity. Under the subject Congratulations you won an iPad and a LAPTOP SONY VAIO They try to trick users into verifying their identity in online banking.
The following is a screenshot of the fake mail:
To the hover over the link you can see that his destiny is strange, it is not the page of the bank. When accessing, victims are redirected to a fake page that copies the layout of the actual:
Fake site – Phishing
If the user falls for the trap, all the data you enter ends up in the hands of the cyber criminal.
In this case, they take advantage of a vulnerable server belonging to a hotel chain to host the phishing kit, I have just sent them an alert to delete the contents, although the false page that pretends to be that of the bank is already blocked by the filters. antiphishing.
It is quite an elaborate attack, at first glance the fake email looks compelling and the alleged prizes are too tempting for many victims to click. In addition, the false page copies very well to the legitimate one, in the following screenshot you can see the real bank site (note it has HTTPS):
Real bank site
How to protect yourself in these cases?
We must avoid clicking on unsolicited links, much less when they appear to be sent by our bank for us to enter personal data. It is always necessary to access online banking by typing the address in the browser and when in doubt with the account, the ideal is to call the number on the actual page by phone.
The actual site of the Bank of Credit of Peru is www.viabcp.com.
Thanks born for the delivery.
Fake YouTube in Spanish and spam on news from Per.