Santa Fe Police authorities in Villa Constitución woke up Wednesday to unexpected news: His bank account was empty. In a usual cyberattack maneuver, the intruders made off with a loot of 165 million pesos.
The procedure used by the hackers would have consisted of phishing, a form of identity theft that uses the sending of emails with links and attachments as bait. It is the most common "uncle's tale" in cybercrime.
The blow was suffered by Regional Unit VI of Villa Constitución, the city of Santa Fe located just in front of the Buenos Aires town of San Nicolás de los Arroyos. Authorities filed the complaint Wednesday.
In charge of the investigation was Eugenia Lascialandare, who gave intervention to the Cybercrime Unit of the Criminal Investigation Agency (AIC). According to the newspaper La Capital, the amount ranges between 160 and 165 million pesos. The money was intended for overtime pay and fuel for patrol cars, reported El Ciudadano.
Upon discovering the missing bank accounts, the authorities of the Regional Police Unit in Villa Constitución detected suspicious movements and transfers that did not have their authorization.
"It was proven that they had entered a Trojan virus via email," sources in the investigation told Rosario3.
Thus, the main hypothesis is that within the Regional Unit they fell into a phishing maneuver. This is a manoeuvre by which the criminal passes off emails, WhatsApp messages and fraudulent social networks and websites through platforms or content of recognised companies and public entities. Classic are those shipments that simulate arriving from banks or organizations such as AFIP.
In this way, the victim falls for the deception and exposes sensitive personal information, such as passwords, credit card numbers, or banking information.
In the case of the Villa Constitución Regional Unit, the bait would have been an e-mail. The perpetrator or perpetrators of the cyberattack would have made several transfers to different bank accounts.
Tips to avoid falling for phishing maneuvers
Last August, in the face of a 40% growth in this type of cyberattack, specialists provided Clarín with some recommendations to avoid being a victim of phishing.
Agustín Merlo, a cybersecurity researcher, explained that the first step is to "verify the authenticity of the site." He also called for distrust of the promises – often excessive – offered by the pages or emails in question, which present "magical and/or quick solutions for everyday issues, whether financial or health."
Identity theft in emails, networks and websites, the bait for phishing. Photo: Shutterstock
You also need to pay attention to the address to which the "contaminated" links are forwarded. Many times, they pretend to be from recognized senders – personalities, private companies and even public bodies such as the AFIP – but with subtle alterations in their names.
Merlo also asks for "caution and distrust when receiving emails, messages or calls without having previously requested them." Similarly, he advises checking the legitimacy of applications that are installed on electronic devices.
In addition, a state of urgency should be avoided, a feeling that criminals often arouse in the victim so that they have "less time to analyze what is happening" and act on impulse.
Other anti-phishing recommendations:
Examine the email, who is sending the email, and whether the links in it redirect to the correct site.
Avoid clicking on a link and opening a new tab to access the entity's website on your own.
Before entering private information on a site, always validate that the domain is correct, that it has "https://" and is not marked in red.
Have an antivirus installed and updated
When in doubt, contact the company or institution directly