As reported by SAPOTek, there is an ongoing massive new phishing attack aimed at customers of several Portuguese banks. This manifests itself by emails requesting recipients to complete a form that links to fake websites.
Caixa Geral de Depósitos, Novo Banco and Montepio Geral are the names of banks used in the latest phishing attack aimed at Portuguese clients of banking institutions. There is some level of sophistication in the presentation but some messages have errors and are more basic.
E-mail messages are sent in large numbers to e-mail recipients, whether or not customers of these banks, requesting information and directing users to fake Web sites. These sites are well constructed, copying the sites of the actual banks. They ask for the user’s login and details to complete the authentication when banking transactions are made through the home banking pages.
As can be seen from the images this is a well-built scheme, with sites that are still active although the e-mails have been sent since yesterday. Samples of fraudulent pages can be seen here.
With user information and data such as, passwords, card, tax number and other information, attackers have access to all the necessary information to use the accounts of online users, and validate payment transactions, transfers and other services they want to accomplish.
All banking institutions have made repeated warnings that their clients do not respond to such e-mail messages that do not follow the links and not to disclose the data of accounts, passwords and card information matrix.
To identify this type of phishing is to be aware of small bank image and details and the type of language used. A link will open the site you will see that this does not have the right address, nor is it a secure site, using the https: // protocol.
Users are advised to check carefully messages received from the sender regarding content. Also it is important to use an updated antivirus, although in this case is deemed useless to filter this threat.
Phishing scams are part of one of the greatest threats of cyberattacks and in Portugal this is usually directed at large institutions, with many customers, such as EDP or banks, as well as the Tax Authority. Also last year the Judicial Police uncovered a scheme that had already managed to extort more than 70,000 euros from two victims.