This is how they steal using Nequi and Daviplata in Colombia

This is how they steal using Nequi and Daviplata in Colombia
This is how they steal using Nequi and Daviplata in Colombia

By promoting a fake app, cybercriminals seek to reach victims in order to steal their information. (Nequi)

Digital payment methods in Colombia have become more established in recent years. Going to the local store and paying using Nequi or Daviplata is a normal occurrence in most cities in the country. But this growth also opens the door to crimes that take advantage of this popularity to steal data and money from users.

In 2023, 18 million users were registered on these platforms, which means that for cybercriminals this is a scenario with a wide margin of maneuver and retaliation.A scam has recently emerged in which users are invited to download a fake application called Nequit, with the promise of being able to use both platforms in one place.

This type of theft combines face-to-face social engineering with invasion of our phone, since we are installing software whose origin we do not know. This is how it works.

By promoting a fake app, cybercriminals seek to reach victims in order to steal their information. (Daviplata)

The scam begins with casual, in-person contact. A person on the street approaches the victim to offer a servicewhich is common because banks often send sales agents to the streets or shopping centers to sell credit cards, loans, etc.

In this case, the offer is an application that promises to bring Nequi and Daviplata together in one place. Since they are platforms from different financial entities, each one operates separately, but many people have both services, since that does not generate any charge.

After convincing the victim to install the application on their phone, the criminal asks for a payment of 50,000 Colombian pesos (approximately 12 dollars) to continue with the process. Another red flag is that neither app charges a fee to download and can be obtained for free from the Google Play Store and App Store.

By promoting a fake app, cybercriminals seek to reach victims in order to steal their information. (Illustrative image Infobae)

The reason why payment is required is because the installation will be done through an APK, that is, the criminal downloads a file to the cell phone and in that way installs the application.. A process that is legal to do (and many secure apps can be obtained this way), but in this case the origin of the file is unknown.

This is when the scam reaches the cell phone. Since the origin of the file is not known, it is possible that there is something more in the background, such as the installation of a second malicious application or malware, which subsequently allowing the cybercriminal to attack the device, stealing personal information, controlling it or accessing private content.

Finally, the attack has greater potential, since the victim will open their Nequi and Naviplata account in this fake application and all their information and money will be available to the cybercriminal.which could steal money and data by having control of that platform.

This is not the first time that a fake app of this type has tried to steal from users. In 2022, Nequi warned of a similar situation. At that time, the platform was promoted through social networks and the promise was to download the ‘Nequi infinito’.

Nequi’s infinite money app is fake and only seeks to steal data and money. (Nequi)

Specifically, the theft involved tricking users into using an app that held infinite amounts of money and could be used to make payments. To obtain it, you had to download an APK file. But in essence, it is a form of theft that seeks the personal and financial data and money of the victims.

  • Avoid secondary applications: Both Nequi and Daviplata, as well as any bank, have an official app and from there it is safe to make any type of transaction. Do not fall for the promises of platforms that gather transactions or accounts in one place.
  • Download from official stores: Although installing APK files is safe, these types of financial applications are available on the Google Play Store and App Store, so there is no need to do any external processes, especially if you do not have the knowledge.
  • Use strong and unique passwords: Avoid setting simple passwords with birthdays or easy-to-guess passwords. Use combinations that are not familiar numbers and have a password for each platform.
  • Constant updates: Keep your phone and apps updated to avoid security and performance issues.
 
For Latest Updates Follow us on Google News
 

-

PREV Jose Ramon Iturriaga: Perceptions
NEXT “We have realized how completely dependent we are on technology”