Summary
The Computer Security Incident Response Team (CSIRT) has identified the activation of two fraudulent portals, associated with two IP addresses, that impersonate the official website of Banco Estado and could be used to steal credentials from that entity's users.
IOCs
URLs
Cloned site URLs:
http[://]visa-homer[.]com/bancoestado/index[.]html[.]html
https[://]www[.]bamcoestado-cl[.]site/imagenes/comun2008/banca-en-linea-personas[.]php?html
IP
162.241.60.177
206.189.141.0
Location
Provo, Utah, United States
Alameda, California, United States
Recommendations
Avoid accessing the sites indicated above and inform users of their existence, to prevent them from becoming victims of fraud.
Be cautious of this type of fraudulent page.
Block the malicious URLs in proxy or content-control systems.
Evaluate the preventive blocking of the indicators of compromise.
Keep all technology and threat detection platforms updated.
Review the security controls of the AntiSpam and sandboxing systems.
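One way to apply the blocking recommendation, as an added example that is not part of the CSIRT advisory: the script refangs the two URLs listed above into a hostname set for a proxy blocklist, and also flags other URLs that imitate the brand in the hostname or path. The function names, the edit-distance threshold of 2 and the value of OFFICIAL_DOMAIN are assumptions of this example.

```python
import re
from urllib.parse import urlsplit

# Defanged indicators copied verbatim from the advisory above.
ADVISORY_URLS = [
    "http[://]visa-homer[.]com/bancoestado/index[.]html[.]html",
    "https[://]www[.]bamcoestado-cl[.]site/imagenes/comun2008/banca-en-linea-personas[.]php?html",
]
BRAND = "bancoestado"
OFFICIAL_DOMAIN = "bancoestado.cl"  # assumption: the bank's legitimate domain

def refang(ioc):
    """Undo the [://] and [.] defanging so the URL can be parsed."""
    return ioc.replace("[://]", "://").replace("[.]", ".")

def blocked_hosts(iocs):
    """Hostnames to load into a proxy or content-control blocklist."""
    return {urlsplit(refang(i)).hostname for i in iocs}

def edit_distance(a, b):
    """Levenshtein distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(url, hosts):
    """Label one URL from a proxy log against the blocklist and brand heuristics."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if host in hosts:
        return "ioc-match"
    if host == OFFICIAL_DOMAIN or host.endswith("." + OFFICIAL_DOMAIN):
        return "official"
    # A hostname label equal or close to the brand on a non-official domain.
    if any(edit_distance(t, BRAND) <= 2 for t in re.split(r"[.\-]", host)):
        return "lookalike-host"
    # Brand name used as a directory on an unrelated host.
    if BRAND in parts.path.lower():
        return "brand-in-path"
    return "clean"
```

With an empty blocklist the two heuristics still catch both advisory URLs, one as a lookalike hostname and one as brand-in-path, which is why they are worth running alongside the exact-match list.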