CAUTION: Banco Bhd/Leon

POP Bad Boy

Bronze
Jun 27, 2004
984
30
0
CAUTION: Banco Bhd/Leon

I updated my computer to Windows 10 and for some reason my "link" to BHD was the old link and not the new one.

So instead of fooling around with it, I just put into google "banco bhd Dominican" and just used that link.

The page came up just like usual, but after putting in my cedula / password / and that changing thingy letters, it said that it did not recognize my computer and that I had to redo my security questions.

.....BUT THIS TIME, it made me pick the questions again, then put in the answers. SO I DID............

THEN, it went on to the next page and had a card with the 40 different "4 number" codes that you need to use on the site in different numerical order and wanted me to verify each one.............

THAT'S WHEN I REALIZED that I was spoofed and they were stealing my credentials.

I immediately got out, went to the correct website, changed my password and all my security questions.

I AM ON THE COMPUTER 24/7 and consider myself quite computer savvy but almost got taken this time.

BEWARE...........IT WAS SO "REAL"!!!!!!!

THE INTERNET ADDRESS WAS EXACTLY THE SAME BUT WAS HTTP:// INSTEAD OF HTTPS://
 

VJS

Bronze
Sep 19, 2010
846
0
36
Are you talking about the paid link to what appears to be http://www.bhd.ca which actually redirects to http://bhdleon-dominicano.com/sblbancasalogin/ ? This is clearly a spoofing attempt. Should be reported to google to take their ad off and to domain registrar/registry to stop their domain service. Consider that your personal data may now be compromised, - I would change my data asap.

The legit url is http://www.bhdleon.com.do/ - different domain clearly.
 

josh2203

Bronze
Dec 5, 2013
942
190
63
if it was the same URL but http and not https than it's the same thing.

I have used a number of online banking systems, and I have yet to see a bank which would not use https.

You should also avoid Googling the bank, and if you do, double-check the domain. Only give out banking credentials if you see a padlock on the URL bar.

Moreover, as far as I have seen, no bank ever asks for the changing security codes unless you are confirming a transaction, and this is also something all banks (outside of DR) communicate to their clients, as phishing is common.
 

POP Bad Boy

Bronze
Jun 27, 2004
984
30
0
Are you talking about the paid link to what appears to be http://www.bhd.ca which actually redirects to http://bhdleon-dominicano.com/sblbancasalogin/ ? This is clearly a spoofing attempt. Should be reported to google to take their ad off and to domain registrar/registry to stop their domain service. Consider that your personal data may now be compromised, - I would change my data asap.

The legit url is http://www.bhdleon.com.do/ - different domain clearly.

Really not sure at this point, but however I got there, it's out there..........I was only putting it out as a warning that if anyone else HAPPENS to get there, get out.............. I already changed the password, all security questions and answers. I checked the account today and it is not disturbed.
 

VJS

Bronze
Sep 19, 2010
846
0
36
Really not sure at this point, but however I got there, it's out there..........I was only putting it out as a warning that if anyone else HAPPENS to get there, get out.............. I already changed the password, all security questions and answers. I checked the account today and it is not disturbed.

I reported to Google last night and the ad is taken down now, and if you go directly to the phishing link, Chrome shows the 'phishing attack ahead' red screen. I also expect that their Google Ads expense account is now frozen with whatever funds they had there.
 

arturo

Bronze
Mar 14, 2002
1,333
94
48
I apologize in advance for this bit of boring techno-speak.

Certificates are your friend. Prioritize them above all the other things mentioned in this thread (URLs, https vs. http, landing page appearance) because all the other stuff is fairly easily spoofed or hijacked. For example, BHD/Leon's certificate authority is digicert but you won't see an indication of digicert or https on their landing page. Once you drill down to "bancasa" the online banking application, you are directed to an https URL certified by digicert. Various browsers and browser versions display the security and certificate authority symbols at different spots on or near the address bars. Remember, I apologized in advance. :)

Exactly!

http or https will be the same domain owner.
 

OkieJoe

New member
Feb 15, 2013
34
0
0
Ive had a couple of spoof attempt emails from fake PayPal sites over the last few months. The emails are about "limited activity status" and such. The key difference between the fake and the real is that Paypal will ALWAYS address you buy your name in the greeting. The other use "Customer" or "Account #XXXXXX". Stay safe my friends.....