The Scotiabank phishing campaign observed in early 2026 utilizes fake account verification alerts, leveraging fraudulent emails or SMS to direct users to a professionally designed, deceptive login page. Attackers aim to capture ScotiaCard numbers, passwords, and secondary verification data to gain unauthorized access to accounts.
Author Archives: Anti-phishing
ING Home’Bank phishing page revealed
Target: ING Bank Customers (Europe/Romania/Poland)Threat Level: Critical (Session Hijacking)Phishing Method DescriptionThis method focuses on Device Authorization Theft. The phishing page mimics the ING “HomeBank” interface, often using a “Synchronize your security device” or “Update HomeBank app” pretext.The attacker’s goal is not just your password, but the Authorization Code (token) generated by your mobile app. By …
Banco de Bogota phishing page detected
A sophisticated phishing campaign targeting Banco de Bogotá in Colombia uses deceptive “security update” messages to steal user credentials, including identification numbers and full credit card details. This fraudulent site imitates the official banking portal to bypass security checks and solicit sensitive information through high-pressure tactics. Target: Customers of Banco de Bogotá (Colombia)Threat Level: High …
LEAD Bank phishing page detected
A phishing campaign targeting Lead Bank business customers uses fraudulent “unauthorized login” alerts to drive victims to a spoofed portal designed to steal credentials, personal information, and 2FA codes. The attack creates a sense of urgency to trick users into entering sensitive data on a site with a misleading domain. To protect against this threat, …
Banque Nationale phishing page detected
A phishing campaign targeting National Bank of Canada (Banque Nationale) clients uses fake “Interac e-Transfer” notifications to steal login credentials, security questions, and OTPs. The fraudulent pages, often mimicking the official BNC portal, are designed to capture data from users in Canada and Quebec. To protect against this threat, users are advised to enable Interac …
Fake Ditchit card verification page detected
The fake DitchIt card verification scam is a high-level phishing threat targeting users on classified marketplaces, utilizing fake, secure-looking checkout pages to steal full credit card details and cardholder information. This fraud technique often involves directing users off-platform, requesting balance verification, and harvesting data to drain user accounts. Target: Users of DitchIt (Marketplace & Resale …
Continue reading “Fake Ditchit card verification page detected”
Bank of America fake page detected
A sophisticated Bank of America phishing campaign is active, using fake “account lock” alerts to steal online credentials, Social Security numbers, and OTP codes. The attack utilizes pixel-perfect clones of the Bank of America portal, often combined with telephone spoofing, to harvest full financial access. Users should avoid clicking links in alerts and instead navigate …