Banco de Bogotá phishing page detected


Threat Analysis: Banco de Bogotá Phishing – Multi-Step Credential & Card Data Harvesting

This phishing campaign impersonates Banco de Bogotá, a major Colombian bank. The scam uses a multi-page flow to capture the victim’s document number, debit card details, email credentials, and full credit/debit card information—enabling full account takeover and financial fraud.

How it works:
The victim receives a phishing email, SMS, or other message claiming a security alert, account issue, or the need to “activate” or “confirm” a banking product. The message includes a link to the first phishing page.

Step 1 – Fake “Tarjeta Débito” (Debit Card) Page
The first page presents a heading related to a banking product, mentioning “Tarjeta Débito” and “Clave Segura” (Secure Key). This sets the context for the victim to believe they are managing their debit card security.

Step 2 – Document & Debit Card Details Page
The second page asks for:

  • Tipo de Documento (Document type – e.g., Cédula, etc.)
  • Número de Documento (Document number)
  • Clave de Tarjeta de Débito (Debit card PIN/password)
  • 4 últimos dígitos de la Tarjeta (Last 4 digits of the card)

These are critical pieces of information used to authenticate with the bank.

Step 3 – Email Credentials Page
The third page asks for:

  • Correo Electrónico (Email address)
  • Clave (Email password)

This step is designed to capture the victim’s email account credentials, which can be used to intercept bank communications, reset passwords, and further compromise the victim’s digital identity.

Step 4 – Full Card Details Page
The fourth page asks for:

  • Número de la Tarjeta (Full card number)
  • Nombre en la Tarjeta (Cardholder name)
  • Expira el (Expiration date: month/year)
  • A checkbox accepting terms and conditions (to appear legitimate)

The goal:
The attacker aims to collect:

  • Colombian national ID number (document number)
  • Debit card PIN and last 4 digits
  • Email address and password
  • Full credit/debit card number, cardholder name, and expiration date

With this combination of information, the attacker can:

  • Access the victim’s Banco de Bogotá online banking account
  • Make unauthorized transactions
  • Use the email credentials to intercept 2FA codes and reset passwords for other accounts
  • Commit identity theft or sell the data

Red flags to watch for:

  • Suspicious URL: The pages are hosted on domains that are not bancodebogota.com or any official Banco de Bogotá domain. Legitimate online banking is accessed through the official website.
  • Request for email password: No legitimate bank asks for your email account password. This is a clear indicator of a phishing attack designed to take over your email as well.
  • Multiple sensitive data requests: The scam asks for document number, debit card PIN, full card details, and email credentials—far more than any legitimate banking process would require.
  • Unsolicited login request: Banco de Bogotá does not send emails or messages with links requiring customers to provide this level of personal information.
  • Generic design: The pages lack the full branding, security notices, and personalized elements present on the legitimate bank site.
  • Step-by-step flow: The multi-page design is typical of sophisticated phishing kits that gradually extract different categories of information to avoid raising suspicion with a single long form.
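
For analysts triaging captured pages, the red flags above can be checked mechanically. The sketch below is an added example, not part of the original analysis or of any kit code: it maps the field labels quoted in this write-up to data categories and flags a flow that asks for an email password alongside banking data. The function names, the threshold of two banking categories, and the sample HTML are assumptions constructed for illustration.

```python
import re
import unicodedata

# Field labels quoted in the write-up, accent-stripped, grouped by data category.
LABELS = {
    "national_id": ["tipo de documento", "numero de documento"],
    "debit_pin": ["clave de tarjeta de debito", "4 ultimos digitos de la tarjeta"],
    "full_card": ["numero de la tarjeta", "nombre en la tarjeta", "expira el"],
}

def normalize(html):
    """Drop tags and accents, collapse whitespace, lower-case."""
    text = re.sub(r"<[^>]+>", " ", html)
    text = unicodedata.normalize("NFKD", text)
    text = "".join(c for c in text if not unicodedata.combining(c))
    return re.sub(r"\s+", " ", text).strip().lower()

def categories_requested(html):
    """Return the data categories one captured page asks for."""
    text = normalize(html)
    found = {cat for cat, labels in LABELS.items() if any(l in text for l in labels)}
    # An e-mail address requested together with a password ("Clave") on one page.
    if "correo electronico" in text and re.search(r"\bclave\b", text):
        found.add("email_credentials")
    return found

def assess_flow(pages):
    """Summarise a sequence of captured pages (one string per step)."""
    per_step = [sorted(categories_requested(p)) for p in pages]
    seen = set().union(*per_step)
    bank = seen - {"email_credentials"}
    return {
        "per_step": per_step,
        "categories": sorted(seen),
        # The write-up's strongest signal: a "bank" flow asking for the e-mail password.
        "asks_email_password": "email_credentials" in seen,
        "matches_kit_pattern": "email_credentials" in seen and len(bank) >= 2,
    }

# Constructed sample pages reproducing the four steps described above.
SAMPLE_FLOW = [
    "<h1>Tarjeta Débito</h1><p>Clave Segura</p>",
    "<label>Tipo de Documento</label><label>Número de Documento</label>"
    "<label>Clave de Tarjeta de Débito</label><label>4 últimos dígitos de la Tarjeta</label>",
    "<label>Correo Electrónico</label><input type='email'><label>Clave</label><input type='password'>",
    "<label>Número de la Tarjeta</label><label>Nombre en la Tarjeta</label><label>Expira el</label>",
]

if __name__ == "__main__":
    print(assess_flow(SAMPLE_FLOW))
```

Label matching is a heuristic: it should be combined with a check of the hosting domain, since a legitimate page may use some of the same field names.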

What to do if you encounter this:

  • Do not enter any personal information, document numbers, card details, or email credentials on these pages.
  • If you are a Banco de Bogotá customer, always access online banking by typing bancodebogota.com directly into your browser or by using the official Banco de Bogotá mobile app.
  • If you have already entered your email credentials, change your email password immediately and check for any unauthorized forwarding rules or account changes.
  • If you have entered banking or card details, contact Banco de Bogotá immediately through their official customer service hotline to block your cards and secure your account.
  • Report the phishing page to Banco de Bogotá’s fraud department.

Why this scam is particularly dangerous:
This is a comprehensive identity theft phishing kit. It does not just target banking credentials—it aims to capture enough information to compromise the victim’s email, debit card, and credit card simultaneously. The request for the email password is especially dangerous because it can give attackers persistent access to the victim’s communications, enabling them to intercept password reset emails and 2FA codes for a wide range of services.

Protective measures:

  • Bookmark the official Banco de Bogotá login page and use that bookmark to access online banking—never click links in emails or messages.
  • Use a password manager: It will autofill only on legitimate bancodebogota.com domains, not on phishing sites.
  • Never enter your email password on any page that claims to be your bank. Legitimate banks never ask for this.
  • Enable two-factor authentication (2FA) on both your bank account and email account, using an authenticator app rather than SMS where possible.
  • Be suspicious of any unsolicited message that creates urgency and asks you to provide personal information.
  • Check the URL carefully: Legitimate Banco de Bogotá domains end with bancodebogota.com. Look for misspellings, extra words, or unusual top-level domains.
  • If in doubt, contact Banco de Bogotá directly using a phone number from your bank statement or the official website—never use contact information provided in a suspicious message.
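
The "ends with bancodebogota.com" rule has to be applied to the parsed hostname on a label boundary, not to the raw URL string. The following added example (not from the original post) shows a check a mail filter or proxy rule could use; the category names, the HTTPS requirement, and every sample URL in the test data are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

OFFICIAL = "bancodebogota.com"   # official domain named in the write-up
BRAND = "bancodebogota"

def classify(url):
    """Classify a link by comparing its parsed hostname with the official domain."""
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".").lower()

    # Exact match, or a subdomain: the suffix must start at a dot boundary.
    if host == OFFICIAL or host.endswith("." + OFFICIAL):
        # Assumption: only HTTPS links to the official host are accepted.
        return "official" if parts.scheme == "https" else "official-host-not-https"

    # Text before "@" is userinfo, not the host the browser connects to.
    if "@" in parts.netloc and OFFICIAL in parts.netloc.rsplit("@", 1)[0].lower():
        return "brand-in-userinfo"

    # Non-ASCII or punycode labels can render like the real name.
    if not host.isascii() or any(l.startswith("xn--") for l in host.split(".")):
        return "idn-lookalike"

    # Brand used as a subdomain, with extra words, or with hyphens on another domain.
    if BRAND in host.replace("-", ""):
        return "brand-in-foreign-host"

    return "unrelated"

# Constructed sample links (not observed indicators).
SAMPLES = [
    "https://www.bancodebogota.com/personas",
    "http://bancodebogota.com/",
    "https://bancodebogota.com@pagos.example/login",
    "https://bancodebogota.com.seguro.example/",
    "https://notbancodebogota.com/",
    "https://banco-de-bogota.example/",
    "https://bancodebogot\u00e1.com/",
]

if __name__ == "__main__":
    for u in SAMPLES:
        print(f"{classify(u):26} {u}")
```

Only the first sample is classified as official; a plain string suffix test would also have accepted the fifth.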
