
Scotiabank Phishing – Fake Login Page Stealing DNI and Password
This phishing campaign impersonates Scotiabank, a major international bank with operations across Latin America (including Mexico, Peru, Chile, Colombia, and other countries). The page is designed to steal customers’ online banking credentials—specifically the DNI (national identification number) and password.
How it works:
The victim receives a phishing email, SMS, or other message claiming a security alert, account issue, or the need to verify their information. The message includes a link to this fake Scotiabank login page. When the victim enters their DNI and password and clicks “Siguiente” (Next), the credentials are captured and sent to the attacker.
The goal:
The attacker aims to steal the victim’s Scotiabank online banking credentials. With these, they can log into the victim’s real bank account, view balances, transfer funds, and commit fraud.
Red flags to watch for:
- Suspicious URL: The page is hosted on a domain (scotiabankverificaenlinea23.abmx.com) that is not the official Scotiabank domain. Legitimate Scotiabank online banking is accessed through domains like scotiabank.com, scotiabank.com.mx, scotiabank.com.pe, etc. The use of a non-standard domain with extra words (“verificaenlinea23”) is a clear red flag.
- Unsolicited login request: Scotiabank does not send emails or messages with links requiring customers to log in to resolve account issues. Customers should always access online banking by typing the official URL directly or using the official mobile app.
- Minimal design: The page lacks the full Scotiabank branding, navigation menus, security notices, and personalized elements that appear on the legitimate login page.
- No security image or personalization: Legitimate Scotiabank login pages often display a security image or phrase after entering the DNI. This page does not have that feature.
- Generic “Bienvenido” header: The page uses a generic welcome message rather than personalized content.
What to do if you encounter this:
- Do not enter your DNI, password, or any other personal information on this page.
- If you are a Scotiabank customer, always access online banking by typing the official Scotiabank URL for your country directly into your browser (e.g., scotiabank.com for the US, scotiabank.com.mx for Mexico, etc.) or by using the official Scotiabank mobile app.
- If you have already entered your credentials, contact Scotiabank immediately through their official customer service hotline to secure your account and change your password.
- Report the phishing page to Scotiabank’s fraud department (e.g., by forwarding the original message to the bank’s official phishing reporting address).
Why this scam is effective:
Scotiabank has millions of customers across Latin America, making it a frequent target for phishing. The page uses the Scotiabank logo and a simple, clean design that resembles the bank’s login interface. The use of “DNI” (national ID) as the username is consistent with how many Latin American banks authenticate users. The “Siguiente” (Next) button mimics the flow of the legitimate login process, where users often enter credentials on one page and then a second factor on the next.
Protective measures:
- Bookmark the official Scotiabank login page for your country and use that bookmark to access online banking—never click links in emails or messages.
- Use a password manager: It will autofill only on legitimate Scotiabank domains, not on phishing sites.
- Enable two-factor authentication (2FA) on your Scotiabank account if available, to add an extra layer of protection.
- Be suspicious of any unsolicited message that creates urgency and asks you to log in to your bank account.
- Check the URL carefully: Legitimate Scotiabank domains end with scotiabank.com or country-specific variations (e.g., .com.mx, .com.pe). Look for misspellings, extra words, or unusual top-level domains.
- If in doubt, contact Scotiabank directly using a phone number from your bank statement or the official website—never use contact information provided in a suspicious message.
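
The URL check described under "Red flags" and "Protective measures", as an added example that is not part of the original page: it accepts a link only when its hostname is an official domain or a subdomain of one, matched on a dot boundary, and flags any other hostname that carries the brand name. The function name `classify`, the allowlist (the three domains named on this page) and all sample links other than the host reported above are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Official domains named on this page (assumed allowlist; add your country's).
OFFICIAL = {"scotiabank.com", "scotiabank.com.mx", "scotiabank.com.pe"}
BRAND = "scotiabank"


def classify(url: str) -> str:
    """Return 'official', 'lookalike' or 'unrelated' for a link's hostname."""
    if "://" not in url:
        url = "https://" + url  # bare hostnames, as they appear in messages
    # .hostname drops any "user@" prefix and port, and lowercases the host,
    # so "scotiabank.com.mx@other.host" is judged by other.host.
    host = (urlsplit(url).hostname or "").rstrip(".")
    # Match on a label boundary: the host is an official domain or a subdomain
    # of one. A bare endswith("scotiabank.com") would also accept
    # "secure-scotiabank.com", which is a different registered domain.
    for domain in OFFICIAL:
        if host == domain or host.endswith("." + domain):
            return "official"
    # Brand name anywhere else in the hostname: extra words, hyphens,
    # or an official-looking prefix on someone else's domain.
    if BRAND in host.replace("-", ""):
        return "lookalike"
    return "unrelated"


# First entry is the host reported on this page; the rest are constructed.
SAMPLES = [
    "http://scotiabankverificaenlinea23.abmx.com/",
    "https://www.scotiabank.com.mx/login",
    "https://scotiabank.com.mx@scotiabankverificaenlinea23.abmx.com/",
    "https://secure-scotiabank.com/",
    "https://scotiabank.com.evil.example/",
    "https://example.org/",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(f"{classify(link):10} {link}")
```

The same label-boundary comparison is why a password manager declines to autofill on the fake page: the saved entry is bound to the official hostname, not to the logo or layout.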
