Banesco Phishing – Fake “Contigo” Login Page

Posted byAnti-phishing Leave a comment on Banesco Phishing – Fake “Contigo” Login Page

This screenshot shows a phishing page impersonating Banesco, a major bank operating in Venezuela, Panama, and other Latin American countries. The page mimics the bank’s online login interface to steal customers’ usuario (username) and contraseña (password).

Threat Analysis: Banesco Phishing – Fake “Contigo” Login Page

How it works:
The victim receives a phishing email, SMS, or other message claiming a security alert, account issue, or the need to verify their information. The link leads to this fake Banesco login page. The victim is asked to enter:

  • Usuario (username)
  • Contraseña (password)

Options like “Recordarme” (remember me) and links for forgotten credentials are included to appear legitimate. After clicking “CONTINUAR,” the credentials are captured and sent to the attacker. The victim may then be redirected to the real Banesco website to reduce suspicion.

The goal:
The attacker steals online banking credentials to:

  • Log into the victim’s Banesco account
  • View balances, transfer funds, and make unauthorized payments
  • Commit fraud or identity theft

Red flags to watch for:

  • Suspicious URL: The page is hosted on a domain that is not the official Banesco domain (e.g., banesco.com or banesco.com.pa). Legitimate Banesco login pages are only on official bank domains.
  • Unsolicited login request: Banesco does not send links requiring customers to log in to resolve account issues. Always type the official URL directly.
  • Minimal design / missing security features: While the page uses the Banesco logo and color scheme, it lacks the full security notices, personalization, and multi‑step authentication (e.g., security image, captcha, or token requests) present on the real login page.
  • No personalization: A legitimate Banesco login may display a security image or partial account information after username entry – this page does not.

What to do if you encounter this:

  • Do not enter your username or password.
  • If you are a Banesco customer, always access online banking by typing the official URL directly (e.g., banesco.com or your country’s specific domain) or using the official mobile app.
  • If you have already entered your credentials, contact Banesco immediately to change your password and secure your account.
  • Report the phishing page to Banesco’s fraud department.

Protective measures:

  • Bookmark the official Banesco login page and use that bookmark.
  • Use a password manager – it will autofill only on legitimate domains.
  • Enable two‑factor authentication on your bank account if available.
  • Be suspicious of any unsolicited message that asks you to log in via a link.
  • Check the URL carefully – look for misspellings, extra words, or unusual top‑level domains.

Leave a comment

Your email address will not be published. Required fields are marked *