Bancolombia phishing page detected


Threat Analysis: Bancolombia Phishing – Fake “Sucursal Virtual Personas” Login Page

This phishing campaign impersonates Bancolombia, a major Colombian bank with millions of customers. The page mimics the bank’s online banking portal (Sucursal Virtual Personas) to steal customers’ Usuario (username) and Clave (password).

How it works:
The victim receives a phishing email, SMS, or other message claiming a security alert, account issue, or the need to verify their information. The message includes a link to this fake Bancolombia login page. When the victim enters their Usuario and Clave and clicks “Continuar” (Continue), the credentials are captured and sent to the attacker.

The goal:
The attacker aims to steal the victim’s Bancolombia online banking credentials. With these, they can log into the victim’s real bank account, view balances, transfer funds, and commit fraud.

Red flags to watch for:

  • Suspicious URL: The page is hosted on a domain that is not bancolombia.com or any official Bancolombia domain. Legitimate Bancolombia online banking is accessed through the bank’s official website. Always check the address bar.
  • Unsolicited login request: Bancolombia does not send emails or messages with links requiring customers to log in to resolve account issues. Customers should always access online banking by typing the URL directly or using the official Bancolombia app.
  • Minimal design: While the page includes the Bancolombia logo and some text, it lacks the full navigation, security notices, and personalized elements present on the legitimate login page.
  • Static date and time: The page displays a static date and time (Martes 17 de Enero del 2023 07:52:53 PM) that does not update. A legitimate bank portal would show the current date and time dynamically.
  • No security image or personalization: Legitimate Bancolombia login pages often display a security image or phrase. This page lacks such features.
  • Generic footer: The footer includes links (“Conoce sobre Sucursal Virtual Personas,” etc.), but these are copied from the real site and do not guarantee legitimacy.

What to do if you encounter this:

  • Do not enter your Usuario, Clave, or any other personal information on this page.
  • If you are a Bancolombia customer, always access online banking by typing bancolombia.com directly into your browser or by using the official Bancolombia app (such as “Bancolombia Personas”).
  • If you have already entered your credentials, contact Bancolombia immediately through their official customer service hotline to secure your account and change your password.
  • Report the phishing page to Bancolombia’s fraud department.

Why this scam is effective:
Bancolombia has a massive customer base in Colombia, and “Sucursal Virtual Personas” is its standard online banking portal. The page uses the bank’s logo and familiar layout. The inclusion of a static date and time is an attempt to mimic the real site, but the fact that it does not update (or is hardcoded) is a subtle red flag that careful users might notice.

Protective measures:

  • Bookmark the official Bancolombia login page and use that bookmark to access online banking—never click links in emails or messages.
  • Use a password manager: It will autofill only on legitimate bancolombia.com domains, not on phishing sites.
  • Enable two-factor authentication (2FA) on your Bancolombia account if available, to add an extra layer of protection.
  • Be suspicious of any unsolicited message that creates urgency and asks you to log in to your bank account.
  • Check the URL carefully: Legitimate Bancolombia domains end with bancolombia.com. Look for misspellings, extra words, or unusual top-level domains.
  • If in doubt, contact Bancolombia directly using a phone number from your bank statement or the official website—never use contact information provided in a suspicious message.
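
The URL check from the red flags and protective measures above, written out as an added example (not part of the original analysis). It shows why "contains" or "ends with" the bank's name is not enough and the hostname must match on a label boundary. The function name `classify`, the reason strings, and every sample URL are constructed for illustration, and the allowlist holds only the one domain this page names.

```python
from urllib.parse import urlsplit

# Assumption: only the domain this page names; add others the bank publishes.
OFFICIAL_DOMAINS = {"bancolombia.com"}


def classify(url: str) -> str:
    """Return 'official' or the reason a URL fails the address-bar check."""
    parts = urlsplit(url.strip())
    host = (parts.hostname or "").rstrip(".").lower()
    if parts.scheme != "https" or not host:
        return "not-https"  # also covers URLs with no host at all
    if parts.username is not None:
        # Text before '@' is login data; the real host comes after it.
        return "userinfo-before-host"
    if any(label.startswith("xn--") for label in host.split(".")):
        return "punycode-label"  # may render as lookalike characters
    for domain in OFFICIAL_DOMAINS:
        # Match on a label boundary: the domain itself or a true subdomain.
        if host == domain or host.endswith("." + domain):
            return "official"
    for domain in OFFICIAL_DOMAINS:
        if host.startswith(domain + ".") or "." + domain + "." in host:
            return "official-name-as-subdomain"  # real domain is at the end
        if host.endswith(domain):
            return "suffix-lookalike"  # extra words glued in front of the name
        if domain.split(".")[0] in host:
            return "brand-in-other-domain"
    return "unrelated-domain"


# Constructed sample URLs for illustration, not taken from the campaign.
SAMPLES = [
    "https://www.bancolombia.com/personas",
    "http://bancolombia.com/personas",
    "https://bancolombia.com@portal.example.net/login",
    "https://bancolombia.com.portal.example.net/login",
    "https://example-bancolombia.com/login",
    "https://bancolombia.example.org/login",
    "https://xn--bancolomba-abc.example/login",
]

if __name__ == "__main__":
    for url in SAMPLES:
        print(f"{classify(url):28} {url}")
```

A password manager applies the same kind of exact host matching before it offers to autofill, which is why it stays silent on a lookalike page.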
