Os criminosos estão a tirar partido de uma falha do Google Map como meio para enganar as pessoas.
Os criminosos descobriram uma nova falha na interface do Google Maps que permite editar os detalhes de contato e os endereços dos principais bancos, o que levou os utilizadores a revelarem os seus dados bancários, como CVV e PINs de caixas eletrónicas.
De acordo com a Google’s User Generated Content policy, qualquer pessoa pode editar os detalhes de contacto e o endereço na plataforma. Aproveitando-se dessa falha, um grupo de criminosos Thane-based atualizou os detalhes de contacto do Bank of India e colocou seu próprio número de contacto, e dessa forma eles conseguiram enganar as pessoas.
“We have received at least three complaints from the Bank of India (BoI) over the last one month. In all three instances, we immediately notified the authorities at Google,” the Superintendent of Police, Balsing Rajput of the State cyber police quoted in the Hindu.
Enquanto isso, o porta-voz do Banco da Índia disse já verificaram e alteraram os detalhes de contacto das suas filiais no Google Maps.
BOI’s spokesperson said, “After these incidents came to our notice, we modified the contact details on these branch listings on Google Maps. We asked users to use only Bank of India’s official website to search for branch contact details.”
However, the Google’s spokesperson said, “Overall, allowing users to suggest edits provides comprehensive and up-to-date info, but we recognize there may be occasional inaccuracies or bad edits suggested by them. When this happens, we do our best to address the issue as quickly as possible. The Google Safety Center outlines tips to help consumers stay safe online.”
Pedro Tavares is a professional in the field of information security working as an Ethical Hacker/Pentester, Malware Researcher and also a Security Evangelist. He is also a founding member at CSIRT.UBI and Editor-in-Chief of the security computer blog seguranca-informatica.pt.
In recent years he has invested in the field of information security, exploring and analyzing a wide range of topics, such as pentesting (Kali Linux), malware, exploitation, hacking, IoT and security in Active Directory networks. He is also Freelance Writer (Infosec. Resources Institute and Cyber Defense Magazine) and developer of the 0xSI_f33d – a feed that compiles phishing and malware campaigns targeting Portuguese citizens.
Read more here.