Vehicle Insurance Scams Targeting Colombians with Phishing Websites Urge Them to Pay for Activation

• Colombian vehicle insurance seekers have been targeted in a scheme to dupe them financially
• Targets are shown pop-ups on social media and redirected to phishing websites
• To gain trust, publicly available data relevant to their insurance is shown to them

Colombian vehicle owners are targeted by cybercriminals with fraudulent websites to have them share their personal information and transfer funds. They are using phishing websites that replicate the design of legitimate vehicle insurance platforms.

The financial services industry has reached the top spot on the most targeted list of 2024. And vehicle insurance scam brings to light the need to create awareness among people about how scammers manage to gain their trust.

Scammers first enlist all the publicly available vehicle registration numbers on the phishing website to appear credible. They target individuals who are looking for damage-precautionary and mandatory vehicle insurance in the LatAm region.

Then craft advertisements offering services for the same and have them reflect on social media so the target feels pulled towards the service and willingly connects with the scammers. 

When contacted, the scammers address their questions with utmost caution, sounding professional while keeping cultural nuances in mind to seem trustworthy. They offer attractive offers like a 20% discount to deceive the unsuspecting target.

Addressing the deceptiveness in these tactics, a Group-IB report read, “Since the beginning of 2024, we have identified over 100 fraudulent websites linked to this scheme, each crafted with guile, meticulousness, and precision to be a digital double of legitimate services and exploit unsuspecting victims.”

This points to the success of the schemes aimed at duping car insurance seekers in Colombia and elsewhere. The site is used to engage the target and control them with fake information.

The car insurance scheme communications get moved to WhatsApp and then to the phishing website, often via malicious links. Information-stealing malware is likely deployed to steal information from specific locations of a device and can be programmed to infect connected systems, leading to a larger loss of privacy and data.

Cybercriminals programmed the website to urge insurance seekers to share their vehicle registration numbers. They are offered false information about the insurance status, denying that the insurance is still active, leaving them with a feeling of urgency and prompting them to take action.

Another tactic used in this vehicle insurance scam is when the insurance has indeed expired and the status is inactive, the site reflects it to prove its legitimacy.

The website reflects certain information about the target that is taken from public databases and government websites, so the target pays to activate their insurance.

Among the government websites they followed was https://www.runt.gov.co/consultaCiudadana/#/consultaVehiculo. Researchers noted that this website is accessible only to Colombian users filtered through their IP addresses. 

Based on the targets, the website is designed to ask them to enter their full name, identification number, residential address, email address, name of their bank, and bank account number in some instances.

In some instances, when the user clicks on the payment option, they are redirected to a scam payment gateway or another website. This is where the unsuspecting user enters their banking details, card numbers, and all the account information the cybercriminals need for further exploitation. 

Once they enter all the information, a redirect takes them to a third website for fund transfer. This page has a Colombian transaction system.

To avoid falling prey to similar scams, users must verify the legitimacy of each communication and channel. Websites can be checked by running them through credible IP look-up tools, including https://scamalytics.com/ip