BCR and Posta Romana are at the center of a last-minute warning aimed at all Romanians, and this is because we are talking about a new very serious problem that affects us, unfortunately, in such a difficult period for the whole country.
BCR and Posta Romana have the images used in new phishing attacks, and you can see below how the websites that use the logos of the two Romanian companies are made in an attempt to trick the people who access them.
Here is what Bitdefender has to say about this situation.
"Bitdefender IT security specialists warn of a fraudulent e-mail campaign claiming to be sent by well-known entities, such as Banca Comercială Română or Poșta Română, with the aim of persuading people to provide confidential financial data computer crime groups.
The messages are designed to look like they are legitimately sent by the company in question and contain links that send the user to a page where they are asked for banking information such as card number and name, expiry date and security code from the back of the card or the access data in the internet banking platform. The pages to which the user is directed are fake and fully controlled by the attackers, who will use the collected data and steal money from the victims' accounts.
In order to appear as credible as possible, the emails fraudulently use the logos and colors of the companies in question, but on closer reading they contain some grammatical errors and wording less usual for such communications.
We remind you that in June, IT security specialists from Bitdefender identified a similar campaign of deceptive e-mails sent deceptively in the name of organizations such as Poșta Română, Banca Transilvania, DHL, Balkan Express Courier or GLS and which installed spyware threats on the infected computer. At the time, the preferred targets were computers installed in public institutions. Once the victim accessed the infected link or file in the seemingly legitimate email, the threat called Agent Tesla installed itself on the system and was able to transmit the stored information and activity on the device to the attackers.
Recommendations for users:
Use the company's website directly to log in to various accounts and avoid being directed to it by an email or message of uncertain origin.
Carefully check the sender of the email and their address before accessing links or downloading attached documents.
Avoid accessing executable files or links that come with suspicious emails from senders you don't expect to hear from.
Use a powerful security solution capable of detecting cyber threats and blocking them from being installed on devices.
Use the work computer only for professional purposes and do not access applications or programs of personal interest from it."
