8FPH-00079-001 CSIRT warns phishing for maintenance of banking services


The Computer Security Incident Response Team (CSIRT) has identified a phishing campaign through an email whose message tries to deceive users of the State Bank. The email indicates that a maintenance of the services Caja Vecina, ServiEstado and the mobile application was performed, finding an error in the account. Due to this, the account was blocked. The scammers provide a link to restore the account, prompting their victims to enter the link and indicating that it is the only way to unlock the account. The link redirects the user to a site similar to that of the Bank.



We request to take into account the signals of commitment as a whole


Commitment Indicators






Smtp Host

[45 [.] 236 [.] 128 [.] 204]



apache @ metropoli [.] net



Blocked account



Keep your platforms updated (Office, Windows, Adobe Acrobat, Oracle Java and others)
Evaluate the preventive blocking of commitment indicators
Keep all technology and threat detection platforms updated
Review the security controls of the AntiSpam and SandBoxing
Perform permanent awareness for users about these types of threats
View the websites that are entered that are official