Banco BISA phishing page detected

Banking Phishing – Fake Virtual Keyboard & Credential Harvesting

This phishing page impersonates the online banking portal of Banco BISA (a Bolivian bank). The page is designed to steal customers’ login credentials by mimicking the bank’s legitimate authentication interface.

How it works:
The victim receives a phishing email, SMS, or other fraudulent message claiming there is an issue with their account, a security alert, or a promotion. The link leads to this fake login page. The page requests the user’s “usuario” (username) and features a “Teclado virtual” (virtual keyboard) button—a common security feature used by Latin American banks to protect against keyloggers.

The twist:
Cybercriminals replicate the virtual keyboard to trick users into thinking the page is legitimate. When the victim clicks the virtual keyboard button and enters their credentials, the information is captured and sent directly to the attacker. The fake “Siguiente” (Next) button then leads to a second page that likely requests additional sensitive data, such as a password, security token, or one-time code.

Red flags to watch for:

URL mismatch: The page is not hosted on the official bank domain. Banco BISA’s legitimate online banking URL would be something like www.bisa.com or a secure subdomain—not a random or unrelated address.

Generic promotion: The footer text about “Ahorro Plus” (earning 3.85% interest) is copied from the real bank’s marketing, but phishing pages often use outdated or slightly mismatched promotional content.

Virtual keyboard context: While many banks do use virtual keyboards, phishing pages replicate them. Always verify you are on the official site before interacting with any login form.

Lack of personalization: Legitimate banking portals often display a partial account number, security image, or personal greeting after entering the username—this fake page does not.
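
The URL-mismatch check above can be automated before a link is ever opened. The following is an added example, not code from the bank or from the phishing page; it assumes bisa.com is the official domain (the page offers www.bisa.com only as an example), and the sample links are constructed on reserved .example names.

```python
from urllib.parse import urlsplit

# Assumption: the page gives www.bisa.com only as an example of the official
# domain; confirm the real value with the bank before relying on this list.
OFFICIAL_DOMAINS = {"bisa.com"}

def is_official_url(url, official=OFFICIAL_DOMAINS):
    """Return (ok, reason) for a link that claims to lead to the bank's login."""
    try:
        parts = urlsplit(url.strip())
        host = parts.hostname  # lower-cased, with userinfo and port stripped
    except ValueError:
        return False, "unparseable URL"
    if parts.scheme != "https":
        return False, "not https"
    if not host:
        return False, "no host"
    # "https://www.bisa.com@other.example/" really points at other.example.
    if parts.username is not None or parts.password is not None:
        return False, "userinfo in URL"
    host = host.rstrip(".")  # tolerate a fully qualified trailing dot
    # Non-ASCII or punycode labels can render as look-alike letters.
    if not host.isascii() or any(l.startswith("xn--") for l in host.split(".")):
        return False, "internationalised host (possible homograph)"
    # Match the registered domain exactly or as a dot-separated suffix, so
    # "bisa.com.login.example" and "mybisa.com" are both rejected.
    for domain in official:
        if host == domain or host.endswith("." + domain):
            return True, "official domain"
    return False, "host is not the official domain"

# Constructed sample links (not taken from the reported phishing page).
SAMPLES = [
    "https://www.bisa.com/login",
    "https://bisa.com.secure-login.example/ebisa",
    "https://www.bisa.com@login.example/",
    "http://www.bisa.com/",
    "https://mybisa.com/",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(link, "->", is_official_url(link))
```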

What to do if you encounter this:

Do not enter your username, click the virtual keyboard, or press “Siguiente.”

If you are a Banco BISA customer, always type the official bank URL directly into your browser or use the official mobile banking app.

Report the phishing page to Banco BISA’s fraud department so they can work to have it taken down.

Why this scam is dangerous:
Once the attacker obtains the username and password, they can attempt to log in to the victim’s real bank account. If the bank uses two-factor authentication (2FA), the phishing site may also ask for the 2FA code on a subsequent page, allowing real-time account takeover.
