A new ‘phishing’ campaign uses the trademarks of the banks BBVA and Bankinter to try to deceive users and install a malicious program on their computers that steals their banking credentials.
The cybersecurity company ESET has warned about the latest impersonation of BBVA and Bankinter, which uses the banks as a lure to attract new victims.
This technique, known as ‘phishing’, seeks to trick the user into downloading a file sent in an email. The file contains a malicious program that installs itself on the user’s computer in order to capture passwords.
In one of the cases analyzed in recent days, criminals sent an email with a supposed advance document issued through Bankinter’s Confirming invoice collection platform.
In this example, the criminals attached a Microsoft Excel xlsx file that contained malicious macros and that was intercepted by the antivirus on the mail server, the company said in a statement.
Other emails have been observed that impersonate BBVA and likewise carry alleged confirmations of payment orders as their subject. In these emails, the attached file is replaced by a thumbnail image of what looks like an invoice, which contains a link that redirects to a file download.
ESET notes that on Thursday, November 18, it also observed a campaign similar to the two previous emails, this time impersonating the Laboral Kutxa bank.
All three examples employ a technique that tries to evade detection on mail servers that have security solutions. However, if the message is not blocked on the server itself and the user clicks on the image of the invoice, the antivirus installed on the computer or mobile phone can also block the download of the malicious code.
Even if the download were not blocked and the threat reached the user’s machine, it could still be detected by the different layers of protection that today’s security solutions provide.
In any case, ESET points out that it is best for this not to happen at all, and therefore recommends implementing security layers that block these threats before the user is left to decide whether or not to open the file.