Banco BISA phishing page revealed


Threat Analysis: Banco Bisa Phishing – Fake “Banca EN-LINEA” Login Page

This phishing campaign impersonates Banco Bisa, a prominent Bolivian bank. The page mimics the bank’s “Banca EN-LINEA” (online banking) login interface to steal customers’ Usuario (username) and Contraseña (password).

How it works:
The victim receives a phishing email, SMS, or other message claiming a security alert, account issue, or the need to verify their information. The message includes a link to this fake Banco Bisa login page. When the victim enters their Usuario and Contraseña and clicks “Siguiente” (Next), the credentials are captured and sent to the attacker.

The goal:
The attacker aims to steal the victim’s Banco Bisa online banking credentials. With these, they can log into the victim’s real bank account, view balances, transfer funds, and commit fraud.

Red flags to watch for:

  • Suspicious URL: The page is hosted on a domain that is not bisa.com or any official Banco Bisa domain. Legitimate Banco Bisa online banking is accessed through the bank’s official website. Always check the address bar.
  • Mixed branding: The footer includes references to “PODCAST BISA” and logos for Apple Podcast, Spotify, etc. While Banco Bisa may have a legitimate podcast, the inclusion of these elements on a login page is unusual and suggests copied content. More importantly, the footer incorrectly shows “© 2020 Banco Bisa S.A.” when the screenshot is from 2023—an outdated copyright notice is a common phishing oversight.
  • Unsolicited login request: Banco Bisa does not send emails or messages with links requiring customers to log in to resolve account issues. Customers should always access online banking by typing the official URL directly or using the official mobile app.
  • Minimal design: The page lacks the full navigation, security notices, and personalized security elements (such as a security image or phrase) that would appear on a legitimate Banco Bisa login page.
  • Generic form: The page only asks for Usuario and Contraseña without additional context or verification steps typical of the real bank’s login flow.

What to do if you encounter this:

  • Do not enter your Usuario, Contraseña, or any other personal information on this page.
  • If you are a Banco Bisa customer, always access online banking by typing bisa.com directly into your browser or by using the official Banco Bisa mobile app.
  • If you have already entered your credentials, contact Banco Bisa immediately through their official customer service hotline to secure your account and change your password.
  • Report the phishing page to Banco Bisa’s fraud department.

Why this scam is effective:
Banco Bisa is a well-known bank in Bolivia, and “Banca EN-LINEA” is its standard online banking portal. The page uses the bank’s logo and familiar layout. The inclusion of podcast links and other promotional content (copied from the real bank’s website) can make the page appear legitimate at first glance. However, the outdated copyright year (2020) and the unusual placement of promotional content on a login page are subtle red flags.

Protective measures:

  • Bookmark the official Banco Bisa login page and use that bookmark to access online banking—never click links in emails or messages.
  • Use a password manager: It will autofill only on legitimate bisa.com domains, not on phishing sites.
  • Enable two-factor authentication (2FA) on your Banco Bisa account if available, to add an extra layer of protection.
  • Be suspicious of any unsolicited message that creates urgency and asks you to log in to your bank account.
  • Check the URL carefully: Legitimate Banco Bisa hostnames are bisa.com itself or end with .bisa.com (including the dot). Look for misspellings, extra words, or unusual top-level domains.
  • If in doubt, contact Banco Bisa directly using a phone number from your bank statement or the official website—never use contact information provided in a suspicious message.

American Savings Bank (Hawaii) phishing page detected


American Savings Bank Phishing – Credential & Phone Number Harvesting

This phishing campaign impersonates American Savings Bank (ASB), a bank serving customers primarily in Hawaii. The page is designed to steal customers’ online banking credentials (Login ID and Password) along with their phone number, which can be used for identity theft or to bypass SMS-based two-factor authentication.

How it works:
The victim receives a phishing email, SMS, or other message claiming a security alert, account issue, or the need to verify their information. The message includes a link to this fake ASB login page. When the victim enters their Login ID, Password, and Phone Number and clicks “Log In,” the information is captured and sent to the attacker.

The goal:
The attacker aims to:

  • Steal the victim’s ASB online banking credentials (Login ID and Password)
  • Obtain the victim’s phone number, which can be used for SIM swapping or to intercept SMS-based two-factor authentication codes
  • Gain unauthorized access to the victim’s bank account to transfer funds or commit fraud

Red flags to watch for:

  • Suspicious URL: The page is hosted on a domain that is not asbhawaii.com or any official American Savings Bank domain. Legitimate ASB online banking is accessed through the bank’s official website. Always check the address bar.
  • Unusual request for phone number on login page: Legitimate ASB login pages typically ask only for Login ID and Password. Requesting a phone number on the same page as the login credentials is uncommon and should raise suspicion.
  • Minimal design: The page lacks the full branding, security notices, and navigation elements present on the legitimate ASB website. The design is generic and stripped down.
  • Unsolicited login request: American Savings Bank does not send emails or messages with links requiring customers to log in to resolve account issues. Customers should always access online banking by typing the official URL directly or using the official mobile app.
  • No security image or personalization: Legitimate ASB login pages may display a security image or phrase. This page lacks such features.

What to do if you encounter this:

  • Do not enter your Login ID, Password, Phone Number, or any other personal information on this page.
  • If you are an American Savings Bank customer, always access online banking by typing asbhawaii.com directly into your browser or by using the official ASB mobile app.
  • If you have already entered your credentials, contact American Savings Bank immediately through their official customer service hotline to secure your account and change your password.
  • Report the phishing page to ASB’s fraud department.

Why this scam is effective:
American Savings Bank has a loyal customer base in Hawaii, and the bank’s online banking portal is familiar to many. The page uses the bank’s logo and a simple, clean design that mimics the real login page. The request for a phone number may seem innocuous to victims who are used to providing it for security verification. However, legitimate ASB login pages do not ask for a phone number alongside Login ID and Password—this is a clear indicator of a phishing attempt.

Protective measures:

  • Bookmark the official American Savings Bank login page and use that bookmark to access online banking—never click links in emails or messages.
  • Use a password manager: It will autofill only on legitimate asbhawaii.com domains, not on phishing sites.
  • Enable two-factor authentication (2FA) on your ASB account if available, to add an extra layer of protection.
  • Be suspicious of any unsolicited message that creates urgency and asks you to log in to your bank account.
  • Check the URL carefully: Legitimate ASB hostnames are asbhawaii.com itself or end with .asbhawaii.com (including the dot). Look for misspellings, extra words, or unusual top-level domains.
  • If in doubt, contact American Savings Bank directly using a phone number from your bank statement or the official website—never use contact information provided in a suspicious message.

Bank of America phishing page revealed


Threat Analysis: Bank of America Phishing – Fake “Security Challenge” Harvesting Phone Numbers

This phishing campaign impersonates Bank of America, one of the largest banks in the United States. The page presents a fake “Security Challenge” that asks the victim to complete a CAPTCHA and enter their phone number. This page is typically encountered after the victim has already entered their online banking credentials on a previous phishing page, or it may be used as a standalone data collection step.

How it works:
The victim receives a phishing email, SMS, or other message claiming a security alert, account issue, or the need to verify their information. The message includes a link to a phishing page. This specific page:

  • Displays a Bank of America logo
  • Presents a “Security Challenge” with a CAPTCHA (images of characters to type)
  • Requests the victim’s phone number
  • Has a “Continue” button

The goal:
The attacker aims to:

  • Collect the victim’s phone number, which can be used for identity theft, SIM swapping, or to intercept SMS-based two-factor authentication (2FA) codes
  • Potentially capture the victim’s banking credentials if this page is part of a longer multi-step phishing flow (with the CAPTCHA serving to make the page appear legitimate)

Red flags to watch for:

  • Suspicious URL: The page is hosted on a domain that is not bankofamerica.com. Legitimate Bank of America login pages are accessed through the official website. Always check the address bar.
  • CAPTCHA on a banking login flow: While CAPTCHAs are sometimes used to prevent bots, it is unusual for a legitimate bank to present one after the initial login screen. This is a common phishing tactic to make the page appear more “secure” to victims.
  • Phone number request without context: A legitimate Bank of America security challenge would not ask for a phone number in this manner. If additional verification is needed, it would be handled through established 2FA methods (SMS to a number already on file) within a secure, authenticated session.
  • Unsolicited login request: Bank of America does not send emails or messages with links requiring customers to log in and complete “security challenges.” Customers should always access online banking by typing the official URL directly or using the official app.
  • Minimal branding: The page uses a simple Bank of America logo but lacks the full navigation, security notices, and account-specific information present on the legitimate site.

What to do if you encounter this:

  • Do not complete the CAPTCHA or enter your phone number on this page.
  • If you are a Bank of America customer, always access online banking by typing bankofamerica.com directly into your browser or by using the official Bank of America mobile app.
  • If you have already entered your credentials on a previous page and reached this page, assume your credentials have been compromised. Contact Bank of America immediately to secure your account.
  • If you have entered your phone number, be aware that attackers may use it for SIM swapping or other fraudulent activities. Contact your mobile carrier to add additional security to your account (such as a PIN or port-out protection).
  • Report the phishing page to Bank of America’s fraud department (e.g., by forwarding the original message to [email protected]).

Why this scam is effective:
Bank of America has millions of online banking customers. The addition of a CAPTCHA and a phone number request creates the illusion of a legitimate security measure. Victims who have already entered their credentials on a previous page may be primed to trust this next step. The CAPTCHA also serves to make automated security tools less likely to flag the page, and it can convince victims that the page is “official” because it includes a verification step.

Protective measures:

  • Never enter banking credentials or personal information on pages reached via unsolicited links.
  • Bookmark the official Bank of America login page and use that bookmark to access online banking.
  • Use a password manager: It will autofill only on legitimate bankofamerica.com domains, not on phishing sites.
  • Enable two-factor authentication (2FA) using an authenticator app rather than SMS where possible, to reduce the risk of SIM swapping.
  • Be suspicious of any unsolicited message that creates urgency and asks you to log in to your bank account or complete “security challenges.”
  • Check the URL carefully: Legitimate Bank of America hostnames are bankofamerica.com itself or end with .bankofamerica.com (including the dot). Look for misspellings, extra words, or unusual top-level domains.
  • If in doubt, contact Bank of America directly using a phone number from your bank statement or the official website—never use contact information provided in a suspicious message.

Banco de Bogota phishing page detected


Threat Analysis: Banco de Bogotá Phishing – Multi-Step Credential & Card Data Harvesting

This phishing campaign impersonates Banco de Bogotá, a major Colombian bank. The scam uses a multi-page flow to capture the victim’s document number, debit card details, email credentials, and full credit/debit card information—enabling full account takeover and financial fraud.

How it works:
The victim receives a phishing email, SMS, or other message claiming a security alert, account issue, or the need to “activate” or “confirm” a banking product. The message includes a link to the first phishing page.

Step 1 – Fake “Tarjeta Débito” (Debit Card) Page
The first page presents a heading related to a banking product, mentioning “Tarjeta Débito” and “Clave Segura” (Secure Key). This sets the context for the victim to believe they are managing their debit card security.

Step 2 – Document & Debit Card Details Page
The second page asks for:

  • Tipo de Documento (Document type – e.g., Cédula, etc.)
  • Número de Documento (Document number)
  • Clave de Tarjeta de Débito (Debit card PIN/password)
  • 4 últimos dígitos de la Tarjeta (Last 4 digits of the card)

These are critical pieces of information used to authenticate with the bank.

Step 3 – Email Credentials Page
The third page asks for:

  • Correo Electrónico (Email address)
  • Clave (Email password)

This step is designed to capture the victim’s email account credentials, which can be used to intercept bank communications, reset passwords, and further compromise the victim’s digital identity.

Step 4 – Full Card Details Page
The fourth page asks for:

  • Número de la Tarjeta (Full card number)
  • Nombre en la Tarjeta (Cardholder name)
  • Expira el (Expiration date: month/year)
  • A checkbox accepting terms and conditions (to appear legitimate)

The goal:
The attacker aims to collect:

  • Colombian national ID number (document number)
  • Debit card PIN and last 4 digits
  • Email address and password
  • Full credit/debit card number, cardholder name, and expiration date

With this combination of information, the attacker can:

  • Access the victim’s Banco de Bogotá online banking account
  • Make unauthorized transactions
  • Use the email credentials to intercept 2FA codes and reset passwords for other accounts
  • Commit identity theft or sell the data

Red flags to watch for:

  • Suspicious URL: The pages are hosted on domains that are not bancodebogota.com or any official Banco de Bogotá domain. Legitimate online banking is accessed through the official website.
  • Request for email password: No legitimate bank asks for your email account password. This is a clear indicator of a phishing attack designed to take over your email as well.
  • Multiple sensitive data requests: The scam asks for document number, debit card PIN, full card details, and email credentials—far more than any legitimate banking process would require.
  • Unsolicited login request: Banco de Bogotá does not send emails or messages with links requiring customers to provide this level of personal information.
  • Generic design: The pages lack the full branding, security notices, and personalized elements present on the legitimate bank site.
  • Step-by-step flow: The multi-page design is typical of sophisticated phishing kits that gradually extract different categories of information to avoid raising suspicion with a single long form.

What to do if you encounter this:

  • Do not enter any personal information, document numbers, card details, or email credentials on these pages.
  • If you are a Banco de Bogotá customer, always access online banking by typing bancodebogota.com directly into your browser or by using the official Banco de Bogotá mobile app.
  • If you have already entered your email credentials, change your email password immediately and check for any unauthorized forwarding rules or account changes.
  • If you have entered banking or card details, contact Banco de Bogotá immediately through their official customer service hotline to block your cards and secure your account.
  • Report the phishing page to Banco de Bogotá’s fraud department.

Why this scam is particularly dangerous:
This is a comprehensive identity theft phishing kit. It does not just target banking credentials—it aims to capture enough information to compromise the victim’s email, debit card, and credit card simultaneously. The request for the email password is especially dangerous because it can give attackers persistent access to the victim’s communications, enabling them to intercept password reset emails and 2FA codes for a wide range of services.

Protective measures:

  • Bookmark the official Banco de Bogotá login page and use that bookmark to access online banking—never click links in emails or messages.
  • Use a password manager: It will autofill only on legitimate bancodebogota.com domains, not on phishing sites.
  • Never enter your email password on any page that claims to be your bank. Legitimate banks never ask for this.
  • Enable two-factor authentication (2FA) on both your bank account and email account, using an authenticator app rather than SMS where possible.
  • Be suspicious of any unsolicited message that creates urgency and asks you to provide personal information.
  • Check the URL carefully: Legitimate Banco de Bogotá hostnames are bancodebogota.com itself or end with .bancodebogota.com (including the dot). Look for misspellings, extra words, or unusual top-level domains.
  • If in doubt, contact Banco de Bogotá directly using a phone number from your bank statement or the official website—never use contact information provided in a suspicious message.

PNC bank phishing page detected


Threat Analysis: PNC Bank Phishing – Fake “Online Banking” Login Page

This phishing campaign impersonates PNC Bank, one of the largest banks in the United States. The page mimics PNC’s online banking login interface to steal customers’ User ID and Password.

How it works:
The victim receives a phishing email, SMS, or other message claiming a security alert, account issue, or the need to verify their information. The message includes a link to this fake PNC login page. When the victim enters their User ID and Password and clicks “Sign In,” the credentials are captured and sent to the attacker.

The goal:
The attacker aims to steal the victim’s PNC online banking credentials. With these, they can log into the victim’s real bank account, view balances, transfer funds, pay bills, and commit fraud.

Red flags to watch for:

  • Suspicious URL: The page is hosted on a domain that is not pnc.com or any official PNC domain. Legitimate PNC online banking is accessed through the bank’s official website. Always check the address bar.
  • Unsolicited login request: PNC does not send emails or messages with links requiring customers to log in to resolve account issues. Customers should always access online banking by typing the URL directly or using the official PNC mobile app.
  • Minimal design: While the page includes the PNC logo and some text, it lacks the full navigation, security notices, and personalized elements present on the legitimate PNC login page. The layout is simpler than the real site.
  • No security image or phrase: Legitimate PNC login pages display a security image or phrase after entering the User ID as part of their fraud prevention measures. This page does not have that feature.
  • Generic footer: The footer includes copyright information and links, but these are copied from the real site and do not guarantee legitimacy.

What to do if you encounter this:

  • Do not enter your User ID, Password, or any other personal information on this page.
  • If you are a PNC customer, always access online banking by typing pnc.com directly into your browser or by using the official PNC mobile app.
  • If you have already entered your credentials, contact PNC immediately through their official customer service hotline to secure your account and change your password.
  • Report the phishing page to PNC’s fraud department (e.g., by forwarding the original message to [email protected] or using their official reporting channels).

Why this scam is effective:
PNC has millions of online banking customers across the United States. The page uses the PNC logo, the familiar “Online Banking” branding, and text copied from the legitimate website. The simple, clean design may appear credible to users who are not scrutinizing the URL. The inclusion of footer links and copyright information adds to the illusion of legitimacy.

Protective measures:

  • Bookmark the official PNC login page and use that bookmark to access online banking—never click links in emails or messages.
  • Use a password manager: It will autofill only on legitimate pnc.com domains, not on phishing sites.
  • Enable two-factor authentication (2FA) on your PNC account if available, to add an extra layer of protection.
  • Be suspicious of any unsolicited message that creates urgency and asks you to log in to your bank account.
  • Check the URL carefully: Legitimate PNC hostnames are pnc.com itself or end with .pnc.com (including the dot). Look for misspellings, extra words, or unusual top-level domains.
  • If in doubt, contact PNC directly using a phone number from your bank statement or the official website—never use contact information provided in a suspicious message.

Bank of America phishing page revealed


Threat Analysis: Bank of America Phishing – Fake “Checking Savings” Login Page

This phishing campaign impersonates Bank of America, one of the largest banks in the United States. The page mimics the bank’s login interface to steal customers’ Online ID and Passcode (password).

How it works:
The victim receives a phishing email, SMS, or other message claiming a security alert, account issue, or the need to verify their information. The message includes a link to this fake Bank of America login page. When the victim enters their Online ID and Passcode and clicks “Sign In,” the credentials are captured and sent to the attacker.

The goal:
The attacker aims to steal the victim’s Bank of America online banking credentials. With these, they can log into the victim’s real bank account, view balances, transfer funds, and commit fraud.

Red flags to watch for:

  • Suspicious URL: The page is hosted on a domain that is not bankofamerica.com. Legitimate Bank of America online banking is accessed through the official website. Always check the address bar.
  • Unsolicited login request: Bank of America does not send emails or messages with links requiring customers to log in to resolve account issues. Customers should always access online banking by typing the URL directly or using the official mobile app.
  • Copied promotional content: The page includes credit card offers and a podcast promotion that are copied from the legitimate Bank of America website. Attackers use such content to make the page appear authentic, but its presence does not guarantee legitimacy.
  • Missing security elements: Legitimate Bank of America login pages include security features such as a “Secure” badge, site key phrase, or personalized greeting. This page lacks these.
  • Mixed branding elements: The page uses the Bank of America logo and “Checking Savings” header, but the layout is simpler and less polished than the actual site.
  • “Save Online ID” checkbox: While this feature exists on the real site, phishing pages copy it to appear legitimate. The real security check is the URL, not the presence of familiar interface elements.

What to do if you encounter this:

  • Do not enter your Online ID, Passcode, or any other personal information on this page.
  • If you are a Bank of America customer, always access online banking by typing bankofamerica.com directly into your browser or by using the official Bank of America mobile app.
  • If you have already entered your credentials, contact Bank of America immediately through their official customer service hotline to secure your account and change your password.
  • Report the phishing page to Bank of America’s fraud department (e.g., by forwarding the original message to [email protected]).

Why this scam is effective:
Bank of America has millions of online banking customers. This phishing page is particularly convincing because it includes real promotional content (credit card offers, podcast links) that is copied from the bank’s actual website. Victims who have seen these offers before may be reassured that the page is legitimate. The login form itself is simple and familiar, making it easy for a distracted user to enter credentials without checking the URL.

Protective measures:

  • Bookmark the official Bank of America login page and use that bookmark to access online banking—never click links in emails or messages.
  • Use a password manager: It will autofill only on legitimate bankofamerica.com domains, not on phishing sites.
  • Enable two-factor authentication (2FA) on your Bank of America account to add an extra layer of protection.
  • Be suspicious of any unsolicited message that creates urgency and asks you to log in to your bank account.
  • Check the URL carefully: Legitimate Bank of America hostnames are bankofamerica.com itself or end with .bankofamerica.com (including the dot). Look for misspellings, extra words, or unusual top-level domains.
  • If in doubt, contact Bank of America directly using a phone number from your bank statement or the official website—never use contact information provided in a suspicious message.

Bancolombia phishing page detected


Threat Analysis: Bancolombia Phishing – Fake “Sucursal Virtual Personas” Login Page

This phishing campaign impersonates Bancolombia, a major Colombian bank with millions of customers. The page mimics the bank’s online banking portal (Sucursal Virtual Personas) to steal customers’ Usuario (username) and Clave (password).

How it works:
The victim receives a phishing email, SMS, or other message claiming a security alert, account issue, or the need to verify their information. The message includes a link to this fake Bancolombia login page. When the victim enters their Usuario and Clave and clicks “Continuar” (Continue), the credentials are captured and sent to the attacker.

The goal:
The attacker aims to steal the victim’s Bancolombia online banking credentials. With these, they can log into the victim’s real bank account, view balances, transfer funds, and commit fraud.

Red flags to watch for:

  • Suspicious URL: The page is hosted on a domain that is not bancolombia.com or any official Bancolombia domain. Legitimate Bancolombia online banking is accessed through the bank’s official website. Always check the address bar.
  • Unsolicited login request: Bancolombia does not send emails or messages with links requiring customers to log in to resolve account issues. Customers should always access online banking by typing the URL directly or using the official Bancolombia app.
  • Minimal design: While the page includes the Bancolombia logo and some text, it lacks the full navigation, security notices, and personalized elements present on the legitimate login page.
  • Static date and time: The page displays a static date and time (Martes 17 de Enero del 2023 07:52:53 PM) that does not update. A legitimate bank portal would show the current date and time dynamically.
  • No security image or personalization: Legitimate Bancolombia login pages often display a security image or phrase. This page lacks such features.
  • Generic footer: The footer includes links (“Conoce sobre Sucursal Virtual Personas,” etc.), but these are copied from the real site and do not guarantee legitimacy.

What to do if you encounter this:

  • Do not enter your Usuario, Clave, or any other personal information on this page.
  • If you are a Bancolombia customer, always access online banking by typing bancolombia.com directly into your browser or by using the official Bancolombia app (such as “Bancolombia Personas”).
  • If you have already entered your credentials, contact Bancolombia immediately through their official customer service hotline to secure your account and change your password.
  • Report the phishing page to Bancolombia’s fraud department.

Why this scam is effective:
Bancolombia has a massive customer base in Colombia, and “Sucursal Virtual Personas” is its standard online banking portal. The page uses the bank’s logo and familiar layout. The inclusion of a static date and time is an attempt to mimic the real site, but the fact that it does not update (or is hardcoded) is a subtle red flag that careful users might notice.

Protective measures:

  • Bookmark the official Bancolombia login page and use that bookmark to access online banking—never click links in emails or messages.
  • Use a password manager: It will autofill only on legitimate bancolombia.com domains, not on phishing sites.
  • Enable two-factor authentication (2FA) on your Bancolombia account if available, to add an extra layer of protection.
  • Be suspicious of any unsolicited message that creates urgency and asks you to log in to your bank account.
  • Check the URL carefully: Legitimate Bancolombia hostnames are bancolombia.com itself or end with .bancolombia.com (including the dot). Look for misspellings, extra words, or unusual top-level domains.
  • If in doubt, contact Bancolombia directly using a phone number from your bank statement or the official website—never use contact information provided in a suspicious message.
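
The “check the URL” advice repeated for each bank on this page, as an added example (not code from the original page): a Python triage function that compares a URL’s hostname with the official domain the page names for that bank. It goes beyond a plain “ends with” test by matching on a dot boundary and naming the usual decoys; the sample URLs are constructed and the verdict labels are this example’s own.

```python
from difflib import SequenceMatcher
from urllib.parse import urlsplit

# Official domains exactly as named on this page; nothing else is trusted.
OFFICIAL_DOMAINS = {
    "Banco Bisa": "bisa.com",
    "American Savings Bank": "asbhawaii.com",
    "Bank of America": "bankofamerica.com",
    "Banco de Bogotá": "bancodebogota.com",
    "PNC": "pnc.com",
    "Bancolombia": "bancolombia.com",
    "Bantrab": "bantrab.com.gt",
}


def classify(url, bank):
    """Return (verdict, host) for a URL that claims to belong to `bank`.

    Verdict labels are this example's own, not an industry taxonomy.
    """
    official = OFFICIAL_DOMAINS[bank]
    brand = official.split(".")[0]  # first label, e.g. "bancolombia"
    try:
        parts = urlsplit(url.strip())
        # .hostname drops userinfo and port and lowercases; IDNA-encode so
        # non-ASCII lookalike letters can never compare equal to ASCII ones.
        host = (parts.hostname or "").rstrip(".")
        host = host.encode("idna").decode("ascii")
    except ValueError:  # malformed URL or un-encodable hostname
        return ("invalid", None)
    if parts.scheme not in ("http", "https") or not host:
        return ("invalid", None)

    # Official means an exact match or a subdomain joined by a dot.
    if host == official or host.endswith("." + official):
        return ("official", host)
    # Text before "@" is userinfo, not the site being visited.
    if official in (parts.username or ""):
        return ("official-name-in-userinfo", host)
    # Ends with the official string, but not on a label boundary.
    if host.endswith(official):
        return ("suffix-without-dot", host)
    # Official domain used as leading labels of someone else's domain.
    if host.startswith(official + ".") or "." + official + "." in host:
        return ("official-name-as-subdomain", host)
    # Brand name padded with extra words or hyphens.
    if brand in host:
        return ("brand-with-extra-words", host)
    labels = host.split(".")
    # Punycode label: possibly a homograph, send to manual review.
    if any(label.startswith("xn--") for label in labels):
        return ("idn-host", host)
    # A label that is almost, but not exactly, the brand name.
    if any(SequenceMatcher(None, label, brand).ratio() >= 0.8 for label in labels):
        return ("near-miss-spelling", host)
    return ("not-official", host)


SAMPLES = [  # constructed URLs for illustration, not observed indicators
    ("https://www.bisa.com/", "Banco Bisa"),
    ("https://not-really-bisa.com/", "Banco Bisa"),
    ("https://pnc.com.account-review.example/signin", "PNC"),
    ("https://bankofamerica.com@verify.example/", "Bank of America"),
    ("http://bancolombia-personas.example/", "Bancolombia"),
    ("https://bankofamerika.example/", "Bank of America"),
    ("https://b\u0430ncolombia.com/", "Bancolombia"),  # Cyrillic "а"
]

if __name__ == "__main__":
    for url, bank in SAMPLES:
        verdict, host = classify(url, bank)
        print(f"{verdict:28} {bank:18} {host}")
```

Only the "official" verdict should be treated as safe; every other label is a reason to stop, and the label tells an analyst which decoy pattern was used.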

BANTRAB bank phishing page revealed


Threat Analysis: Bantrab Phishing – Fake Login Page Stealing Client Credentials

This phishing campaign impersonates Bantrab (Banco de los Trabajadores), a prominent bank in Guatemala. The page mimics the bank’s login interface to steal customers’ Cliente (client ID) and Usuario (username). This information is typically used as the first step in accessing online banking, after which the victim would be asked for a password on a subsequent page (likely part of a multi-step phishing flow).

How it works:
The victim receives a phishing email, SMS, or other message claiming a security alert, account issue, or the need to verify their information. The message includes a link to this fake Bantrab login page. When the victim enters their Cliente and Usuario and clicks “Ingresar” (Login), the credentials are captured and sent to the attacker.

The goal:
The attacker aims to steal the victim’s Bantrab online banking credentials. With these (and likely a password captured on a follow-up page), they can log into the victim’s real bank account, view balances, transfer funds, and commit fraud.

Red flags to watch for:

  • Suspicious URL: The page is hosted on a domain that is not bantrab.com.gt or any official Bantrab domain. Legitimate Bantrab online banking is accessed through the bank’s official website. Always check the address bar.
  • Unsolicited login request: Bantrab does not send emails or messages with links requiring customers to log in to resolve account issues. Customers should always access online banking by typing the URL directly or using the official app.
  • Minimal design: The page uses the Bantrab logo and a simple form, but lacks the full navigation, security notices, and personalized elements present on the legitimate login page.
  • Missing security elements: Legitimate Bantrab login pages may display security tips, a virtual keyboard, or other features. This page has only a basic form.
  • Typographical note: The page heading says “BENVENIDO” instead of “BIENVENIDO” (the correct Spanish spelling for “welcome”). While minor, such typos can appear in phishing pages and are not typical of official bank communications.
  • Contradictory security tip: The page includes a warning that “BANTRAB NUNCA TE PEDIRÁ INFORMACIÓN CONFIDENCIAL…” (Bantrab will never ask you for confidential information), yet the page itself asks for confidential information. Users should notice this contradiction.

What to do if you encounter this:

  • Do not enter your Cliente, Usuario, or any other personal information on this page.
  • If you are a Bantrab customer, always access online banking by typing bantrab.com.gt directly into your browser or by using the official Bantrab mobile app.
  • If you have already entered your credentials, contact Bantrab immediately through their official customer service hotline to secure your account and change your password.
  • Report the phishing page to Bantrab’s fraud department.

Why this scam is effective:
Bantrab is a well-known bank in Guatemala, and its online banking portal is familiar to many customers. The page uses the bank’s logo and a simple, clean design that resembles the real login screen. The inclusion of a security warning (even though it’s ironically being violated) can actually reassure some users who see it and think, “This must be legitimate because they’re warning me about security.” The typo “BENVENIDO” is a subtle red flag that careful users might notice.

Protective measures:

  • Bookmark the official Bantrab login page and use that bookmark to access online banking—never click links in emails or messages.
  • Use a password manager: It will autofill only on legitimate bantrab.com.gt domains, not on phishing sites.
  • Enable two-factor authentication (2FA) on your Bantrab account if available, to add an extra layer of protection.
  • Be suspicious of any unsolicited message that creates urgency and asks you to log in to your bank account.
  • Check the URL carefully: Legitimate Bantrab domains end with bantrab.com.gt. Look for misspellings, extra words, or unusual top-level domains.
  • If in doubt, contact Bantrab directly using a phone number from your bank statement or the official website—never use contact information provided in a suspicious message.

AV Villas digital phishing page detected


Threat Analysis: Av Villas Phishing – Fake “Banca Virtual” Login Page

This phishing campaign impersonates Av Villas (Avvillas), a prominent Colombian bank. The page mimics the bank’s “Banca Virtual” (Virtual Banking) login interface to steal customers’ document number (typically “Cédula de Ciudadanía” – national ID) and password.

How it works:
The victim receives a phishing email, SMS, or other message claiming a security alert, account issue, or the need to verify their information. The message includes a link to this fake Av Villas login page. When the victim selects their document type (pre-selected as “Cédula de Ciudadanía”), enters their document number and password, and clicks “INGRESAR” (Login), the credentials are captured and sent to the attacker.

The goal:
The attacker aims to steal the victim’s Av Villas online banking credentials. With these, they can log into the victim’s real bank account, view balances, transfer funds, and commit fraud.

Red flags to watch for:

  • Suspicious URL: The page is hosted on a domain that is not avvillas.com.co or any official Av Villas domain. Legitimate Av Villas online banking is accessed through the bank’s official website. Always check the address bar.
  • Unsolicited login request: Av Villas does not send emails or messages with links requiring customers to log in to resolve account issues. Customers should always access online banking by typing the URL directly or using the official app.
  • Minimal design: While the page includes the Av Villas logo, it lacks the full navigation, security notices, and personalized elements present on the legitimate login page.
  • Missing security features: Legitimate Av Villas login pages typically include additional security elements such as a virtual keyboard, security image, or multi-step authentication. This page has only a basic form.
  • Emoji in the interface: The page includes an emoji next to the “Olvidé mi contraseña” (Forgot my password) link. While not impossible on a legitimate site, such informal elements are more common in phishing pages than in professional banking interfaces.
  • Generic form: The page asks only for document number and password without any account-specific personalization.

What to do if you encounter this:

  • Do not enter your document number, password, or any other personal information on this page.
  • If you are an Av Villas customer, always access online banking by typing avvillas.com.co directly into your browser or by using the official Av Villas mobile app.
  • If you have already entered your credentials, contact Av Villas immediately through their official customer service hotline to secure your account and change your password.
  • Report the phishing page to Av Villas’s fraud department.

Why this scam is effective:
Av Villas is a well-established bank in Colombia, and “Banca Virtual” is its standard online banking portal. The page uses the bank’s logo and a clean, simple design that resembles the real login screen. The use of “Cédula de Ciudadanía” (the common national ID in Colombia) as the document type is accurate and familiar to local users. The emoji, while a slight red flag, may not be noticed by victims who are focused on entering their credentials.

Protective measures:

  • Bookmark the official Av Villas login page and use that bookmark to access online banking—never click links in emails or messages.
  • Use a password manager: It will autofill only on legitimate avvillas.com.co domains, not on phishing sites.
  • Enable two-factor authentication (2FA) on your Av Villas account if available, to add an extra layer of protection.
  • Be suspicious of any unsolicited message that creates urgency and asks you to log in to your bank account.
  • Check the URL carefully: Legitimate Av Villas domains end with avvillas.com.co. Look for misspellings, extra words, or unusual top-level domains.
  • If in doubt, contact Av Villas directly using a phone number from your bank statement or the official website—never use contact information provided in a suspicious message.
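
The "check the URL carefully" advice in the Bantrab and Av Villas sections above can be automated for mail or proxy filtering; the following Python sketch is an added example, not part of the original analysis. The official domains are the ones named in the text; the function names, the edit-distance threshold of 2 and the sample URLs are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Official domains exactly as named in the write-ups above.
OFFICIAL = {
    "Bancolombia": "bancolombia.com",
    "Bantrab": "bantrab.com.gt",
    "Av Villas": "avvillas.com.co",
}

def edit_distance(a, b):
    """Levenshtein distance, used to catch small misspellings of a brand."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(url):
    """Return (verdict, brand); verdict is 'official', 'lookalike' or 'unrelated'."""
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".").lower()
    # Only an exact match, or a subdomain on a dot boundary, is official.
    for brand, domain in OFFICIAL.items():
        if host == domain or host.endswith("." + domain):
            return "official", brand
    # The brand may still appear as bait: in another label, or in the
    # userinfo part before '@', which browsers do not treat as the host.
    bait = host + "." + (parts.username or "").lower()
    words = [w for label in bait.split(".") for w in label.split("-")]
    for brand, domain in OFFICIAL.items():
        token = domain.split(".")[0]
        for w in words:
            if token in w or (len(w) > 4 and edit_distance(w, token) <= 2):
                return "lookalike", brand
    return "unrelated", None

# Constructed sample URLs (not taken from the campaigns described above).
SAMPLES = [
    "https://www.bantrab.com.gt/login",
    "https://bantrab.com.gt.secure-login.example/",
    "https://avvillas.com.co@phish.example/ingresar",
    "https://avvilas.com.co/",
    "https://notbancolombia.com/",
]

if __name__ == "__main__":
    for u in SAMPLES:
        print(classify(u), u)
```

A "lookalike" verdict means the brand name appears somewhere other than the registered official domain, which is the pattern described in the "Suspicious URL" red flags.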