8FFR-00169-001 CSIRT 3 activation warns fraudulent banking portals

Summary

The Incident Response Team Computer Security (CSIRT) has identified three fraudulent activation associated with three IP portals that supercede the official website of Banco Estado, which could be used to steal user credentials that entity.

The above constitutes a falsification of the institutional brand that could affect users, customers and the aforementioned banking entity.

 

Commitment Indicators

URLs

www[.]aisgwb[.]org/css/user/imagenes/comun2008/banca-en-linea-personas[.]html

www[.]banco-estadocl[.]xyz/imagenes/comun2008/banca-en-linea-personas[.]php?html

bloqueo-ban0oestad0[.]ddns[.]net/www[.]bancoestado[.]cl[.]bloqueo/

 

IP

132 [.] 148 [.] 151 [.] 253

206 [.] 189 [.] 137 [.] 123

178 [.] 159 [.] 36 [.] 146

 

Location

Scottsdale, Arizona, United States

Bangalore, Karnataka, India

Moscow, Moscow, Russia

 

Recommendations

Avoid accessing the site indicated above and informing users about its existence, to prevent them from becoming victims of fraud.
Be cautious against this type of fraudulent pages.
Block in proxy or content control systems, towards the malicious URL
Evaluate the preventive blocking of commitment indicators
Keep all technology and threat detection platforms updated
Review the security controls of the AntiSpam and SandBoxing.