Threat Analysis: Av Villas Phishing – Fake “Banca Virtual” Login Page
This phishing campaign impersonates Av Villas (Avvillas) , a prominent Colombian bank. The page mimics the bank’s “Banca Virtual” (Virtual Banking) login interface to steal customers’ document number (typically “Cédula de Ciudadanía” – national ID) and password.
How it works:
The victim receives a phishing email, SMS, or other message claiming a security alert, account issue, or the need to verify their information. The message includes a link to this fake Av Villas login page. When the victim selects their document type (pre-selected as “Cédula de Ciudadanía”), enters their document number and password, and clicks “INGRESAR” (Login), the credentials are captured and sent to the attacker.
The goal:
The attacker aims to steal the victim’s Av Villas online banking credentials. With these, they can log into the victim’s real bank account, view balances, transfer funds, and commit fraud.
Red flags to watch for:
- Suspicious URL: The page is hosted on a domain that is not
avvillas.com.coor any official Av Villas domain. Legitimate Av Villas online banking is accessed through the bank’s official website. Always check the address bar. - Unsolicited login request: Av Villas does not send emails or messages with links requiring customers to log in to resolve account issues. Customers should always access online banking by typing the URL directly or using the official app.
- Minimal design: While the page includes the Av Villas logo, it lacks the full navigation, security notices, and personalized elements present on the legitimate login page.
- Missing security features: Legitimate Av Villas login pages typically include additional security elements such as a virtual keyboard, security image, or multi-step authentication. This page has only a basic form.
- Emoji in the interface: The page includes a 😊 emoji next to the “Olvidé mi contraseña” (Forgot my password) link. While not impossible on a legitimate site, such informal elements are more common in phishing pages than in professional banking interfaces.
- Generic form: The page asks only for document number and password without any account-specific personalization.
What to do if you encounter this:
- Do not enter your document number, password, or any other personal information on this page.
- If you are an Av Villas customer, always access online banking by typing
avvillas.com.codirectly into your browser or by using the official Av Villas mobile app. - If you have already entered your credentials, contact Av Villas immediately through their official customer service hotline to secure your account and change your password.
- Report the phishing page to Av Villas’s fraud department.
Why this scam is effective:
Av Villas is a well-established bank in Colombia, and “Banca Virtual” is its standard online banking portal. The page uses the bank’s logo and a clean, simple design that resembles the real login screen. The use of “Cédula de Ciudadanía” (the common national ID in Colombia) as the document type is accurate and familiar to local users. The emoji, while a slight red flag, may not be noticed by victims who are focused on entering their credentials.
Protective measures:
- Bookmark the official Av Villas login page and use that bookmark to access online banking—never click links in emails or messages.
- Use a password manager: It will autofill only on legitimate
avvillas.com.codomains, not on phishing sites. - Enable two-factor authentication (2FA) on your Av Villas account if available, to add an extra layer of protection.
- Be suspicious of any unsolicited message that creates urgency and asks you to log in to your bank account.
- Check the URL carefully: Legitimate Av Villas domains end with
avvillas.com.co. Look for misspellings, extra words, or unusual top-level domains. - If in doubt, contact Av Villas directly using a phone number from your bank statement or the official website—never use contact information provided in a suspicious message.