Increasingly, cybercriminals are finding new ways to trick users and steal from them through various tricks, such as identity theft. A recent case involves Empresas Públicas de Medellín (EPM), who last Friday, June 14, reported in a statement that their website had been a victim of impersonation. This platform is crucial for citizens to pay their bills.
According to the statement, the criminals had modified the legitimate address of the company, “facturaweb.epm.com.co”, redirecting customers to a bank account controlled by third parties through the fraudulent URL “facturaepm.com.co”.
1. Website www.epm.com.co. The Company recommends writing this address directly in the browser and not typing it in search engines.
2. EPM App We are there, in the Web Invoice option.
3. Ema, EPM’s digital contact, on WhatsApp 302 3000115.
4. QR code scanned directly from the printed or digital invoice (PDF format), if the user receives it by email.
Likewise, he emphasized that digital payments made through platforms authorized by the company will always direct to the Secure Online Payments (PSE) page. In no case will they be redirected to transactions using QR codes from banking entities, cards, debit, credit or digital wallets.
What is the identity theft of which EPM was a victim?
This is one of the scam methods most used by hackers to deceive users without them realizing it. According to Kaspersky cybersecurity experts, it consists of a person impersonating another person to gain the trust of a user and thus gain access to their systems. The goal may be to steal personal data, money or, in the worst case, install malicious software.
“Impersonation is a general term to define the masking of a cybercriminal, who impersonates a trusted entity or device so that you do something that benefits the attacker and harms you. Every time an online scammer disguises his identity, we are faced with the presence of this phenomenon,” they indicate on their website.
“For businesses, phishing attacks can sometimes lead to ransomware attacks or damaging and costly data breaches,” says Karspersky.
Although it is a growing problem, Users can adopt simple prevention measures to reduce the risk of falling into the hands of unscrupulous people who seek to obtain economic benefits:
- It is advisable to use disposable email accounts when accessing digital channels, as this minimizes the risk of the primary address being used to send mass fake messages.
- Make sure your email password meets security requirements to make it difficult for cybercriminals to guess.
- Activate and use the anti-spam filter, a feature available in most email services, to prevent messages with false information from reaching your inbox.
- When receiving new messages in the mail, carefully review details such as the header, message body, attachments, and spelling, looking for possible errors that could indicate an attempt at deception.
