We have detected a phishing email claiming to have been sent by the BCRA´s security department. In this regard, it is worth pointing out that the BCRA does not request personal or banking data by email.
This email purports to be an email from the BCRA and is sent from no-responder@clyfema.net, an account that does not belong to the BCRA. BCRA’s email addresses have the following official domain: @bcra.gob.ar.
If you receive any other email, we recommend you immediately delete it as it is a phishing attack, i.e., a deceptive email that pretends to be legitimate and is used to obtain banking and personal data.
They usually display some or all the following telltale signs:
1. Sender: unknown contacts or anyone purporting to be recognized organizations or individuals, usually misspelled.
2. Email address: it seemingly looks like the real address; however, it may have an extra letter, or else any other letter may be added, deleted or replaced by a number. For example: hxxps://banco-central[.]xxxxxx[.]com/xxxxx (the right address is: https://bcra.gob.ar/).
3. Subject and content: phishing usually involves an unexpected email requesting immediate action or informing about imminent danger.
4. Links and attachments: the content usually redirects to links or requests data or the downloading of malware files or programs known as virus.
Translation of the fake email detected into English:
From: IMPORTANT INFORMATION (no-responder@clyfema.net)
Date: December 21, 2020, 09:40
Subject: B.C.R.A.
Dear Client:
The BCRA´s security department is constantly working to ensure your security and that of our partners, and has detected unusual activity on your cards.
This may have been caused by an unauthorized access to your account or an access through a different IP address, public place, or public Wi-Fi network.
As a security measure, we have temporally suspended your account until this issue is settled.
You may access your account normally; however, you would not be able to make online payments, i.e., any transaction other than those made using your physical card.
In order to solve this, please visit our verification system and complete the data required to activate your account as soon as possible. Please keep your National Identity Document (DNI) at hand as it may be requested.
If all the information corresponds to your account, you will be automatically redirected to your card website and your account will be immediately restored.
Log in to your account and update your information.
How to Report Phishing Attacks
You may contact the Specialized Cybercrime Unit (Unidad Fiscal Especializada en Ciberdelincuencia, UFECI).
Address: Sarmiento 663, 6° Piso, CABA Campaign | Fraud Prevention
Banks operating in the country have launched a security campaign to warn their clients. Follow #AprendiendoACuidarnos (learning to protect ourselves) #CuidateDeLasEstafas (watch out for fraud) #ProtegéTuInformación (protect your information) in social media.
December 21, 2020.
Phone: (+54 11) 5071-0040 / 0041
Email: denunciasufeci@mpf.gov.ar
denunciasufeci@mpf.gov.ar