BAC Credomatic phishing page detected


Threat Analysis: BAC Credomatic Phishing – Fake “Banca en Línea” Login Page

This phishing campaign impersonates BAC Credomatic, one of the largest banks in Central America. The page mimics the bank’s “Banca en Línea” (Online Banking) login interface to steal customers’ usernames and passwords. It also includes a “Usar Token” option, suggesting the attacker may attempt to capture two‑factor authentication codes in a subsequent step.

How it works:
The victim receives a phishing email, SMS, or other message claiming a security alert, account issue, or the need to verify their information. The message includes a link to this fake BAC Credomatic login page. When the victim enters their Usuario and Contraseña and clicks the login button (likely labeled “Ingresar” or similar), the credentials are captured and sent to the attacker.

The goal:
The attacker aims to steal the victim’s BAC Credomatic online banking credentials. With these, they can log into the victim’s real bank account, view balances, transfer funds, pay bills, and commit fraud.

Red flags to watch for:

  • Suspicious URL: The page is hosted on a domain that is neither baccredomatic.com nor any other official BAC domain. Legitimate BAC online banking is accessed through the bank’s official website. Always check the address bar.
  • Unsolicited login request: BAC Credomatic does not send emails or messages with links requiring customers to log in to resolve account issues. Customers should always access online banking by typing the official URL directly or using the official mobile app.
  • Typographical errors: The page contains a typo: “Recorzar Usuario” instead of “Recordar Usuario”. Official bank interfaces do not contain such errors.
  • Unusual or out-of-place text: The page includes a promotion about auto loans (“Listo para estrenar auto?”) and credit cards that may appear plausible but can be copied from the real website. The presence of such content does not make the page legitimate.
  • No personalization or security image: Legitimate BAC login pages often display a security image or personalized greeting. This page lacks those features.
  • “Usar Token” option: The real bank uses tokens for two‑factor authentication, so the option is included on the fake page to make the flow appear authentic. Its presence does not make the page the genuine login portal.

What to do if you encounter this:

  • Do not enter your username, password, or any other personal information on this page.
  • If you are a BAC Credomatic customer, always access online banking by typing the official BAC website URL for your country directly into your browser (e.g., baccredomatic.com) or by using the official BAC mobile app.
  • If you have already entered your credentials, contact BAC Credomatic immediately through their official customer service hotline to secure your account and change your password.
  • Report the phishing page to BAC Credomatic’s fraud department.

Why this scam is effective:
BAC Credomatic has millions of customers across Central America. The page uses the bank’s logo, familiar branding, and a layout that resembles the real login page. The inclusion of product promotions and a token option adds to the illusion of legitimacy. The typo “Recorzar” is a subtle red flag that careful users might notice.

Protective measures:

  • Bookmark the official BAC Credomatic login page for your country and use that bookmark to access online banking—never click links in emails or messages.
  • Use a password manager: It will autofill only on legitimate baccredomatic.com domains, not on phishing sites.
  • Enable two‑factor authentication (token or mobile app) on your BAC account if available, to add an extra layer of protection.
  • Be suspicious of any unsolicited message that creates urgency and asks you to log in to your bank account.
  • Check the URL carefully: Legitimate BAC domains end with baccredomatic.com or are country‑specific domains (e.g., bac.gt for Guatemala). Look for misspellings, extra words, or unusual top‑level domains.
  • If in doubt, contact BAC Credomatic directly using a phone number from your bank statement or the official website—never use contact information provided in a suspicious message.
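
The URL check described above, as an added example (not part of the original analysis and not BAC tooling): it matches the host on a label boundary, because a plain "ends with baccredomatic.com" test also accepts lookalike hosts. The allowlist holds only the two domains named in this article; the HTTPS requirement, the function name, and the sample links are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: only the two domains named in this article count as official.
OFFICIAL_DOMAINS = ("baccredomatic.com", "bac.gt")


def check_bac_url(url):
    """Return (is_official, reason) for a link, judging only the real host."""
    try:
        parts = urlsplit(url.strip())
        host = parts.hostname  # lowercased; "user@" prefix and port removed
    except ValueError:
        return False, "unparseable URL"
    if not host:
        return False, "no host in URL"
    host = host.rstrip(".")
    if "@" in parts.netloc:
        # Text before "@" is login info, not the site; it can serve as a decoy.
        return False, f"userinfo decoy, real host is {host}"
    if parts.scheme != "https":
        return False, "not HTTPS"
    for domain in OFFICIAL_DOMAINS:
        # Match on a label boundary: the exact domain or a true subdomain of it.
        if host == domain or host.endswith("." + domain):
            return True, f"host {host} belongs to {domain}"
    if any(d in host for d in OFFICIAL_DOMAINS):
        return False, f"official name embedded in unrelated host {host}"
    return False, f"unrelated host {host}"


# Constructed sample links (not taken from the campaign described above).
SAMPLES = [
    "https://www.baccredomatic.com/",
    "https://www.bac.gt:443/login",
    "https://notbaccredomatic.com/",
    "https://baccredomatic.com.verify.example/",
    "https://baccredomatic.com@phish.example/",
    "http://www.baccredomatic.com/",
]

if __name__ == "__main__":
    for link in SAMPLES:
        ok, why = check_bac_url(link)
        print(f"{'OK  ' if ok else 'FLAG'} {link}  ({why})")
```

The same boundary rule is what lets a password manager refuse to autofill on a lookalike host.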
