Agents of the National Police have taken down, within 24 hours of its detection, a fraudulent website that impersonated the official portal of the Prado Museum. The domain offered tickets to the museum and, to that end, requested personal and bank card information to make the payment, although it did not generate any type of ticket and its sole purpose was to obtain user data to commit future fraud, as reported by the Police. It is understood that the authors were seeking to obtain card data for future purchases.

The investigation began after the complaint filed last Wednesday by those responsible for the Prado Museum, in which they reported phishing against the Museum's official website through a domain that, presumably, offered access tickets at significantly reduced prices.

The agents began efforts to identify the server where the fraudulent website was hosted, as well as the domain registrar, all in order to block access to the fraudulent domain and prevent fraud.

The investigators verified that the creators of the website may have paid to obtain good SEO positioning, that is, for their website to appear as high as possible in the results of search engines such as Google.

Likewise, it was verified that the certificate used on the website to obtain the designation of a secure website, that is, the padlock and the "s" in "https" that appear when a page is accessed, was a free certificate for which it is not necessary to make a payment or provide data.

The investigated domain was created on the 14th, and the certificate was obtained on the same date, facts that confirm that it was created with the sole purpose of obtaining the victims' data and subsequently obtaining financial benefits from the scams committed.

The dismantled website led users to purchase access tickets (for 7 euros) and to make an alleged payment by bank card, for which it requested personal and bank card information, the expiration date and the CVV.

However, once the payment was completed, the system did not generate any ticket to the museum, so the purpose of the website was solely and exclusively to obtain data from users and their means of payment, presumably to be used later in subsequent frauds.

The agents have verified that the host of the website is located in the United States and, following a request from investigators, it has been closed. Currently, access to the fraudulent domain is no longer possible.

At the moment, the number of victims who could have accessed the domain is unknown, and efforts are continuing to clarify the facts and identify those responsible for hosting the fraudulent domain.