8FPH-00078-001 CSIRT warns of phishing for temporary account blocking

Summary

The Computer Security Incident Response Team, CSIRT, has identified a phishing campaign through an email whose message attempts to deceive users of the State Bank. The email indicates that the process servers were updated and that they are operational, however, the user’s account is not registered, so it was temporarily blocked. The scammers provide a link to restore the account, prompting their victims to enter the link, otherwise, the user will need to go to the branch for unlocking. The link directs you to a site similar to that of the Bank.

 

Observation

We request to take into account the signals of commitment as a whole

 

Commitment Indicators

Url’s:

http[://]mail[.]nightcolours[.]es/process/imagenes/comun2008/banca-en-linea-personas[.]html

http[://]naveg0[.]site/activacion/cuenta-worw

 

Smtp Host

[45.236.128.5]

 

Sender

apache @ jeep1 [.] net

 

Subject:

Important Notice: Temporarily Locked Account

 

Recommendations

Keep your platforms updated (Office, Windows, Adobe Acrobat, Oracle Java and others)
Evaluate the preventive blocking of commitment indicators
Keep all technology and threat detection platforms updated
Review the security controls of the AntiSpam and SandBoxing
Perform permanent awareness for users about these types of threats
View the websites that are entered that are official