8FPH-00079-001 CSIRT warns phishing for maintenance of banking services

Summary

The Computer Security Incident Response Team (CSIRT) has identified a phishing campaign through an email whose message tries to deceive users of the State Bank. The email indicates that a maintenance of the services Caja Vecina, ServiEstado and the mobile application was performed, finding an error in the account. Due to this, the account was blocked. The scammers provide a link to restore the account, prompting their victims to enter the link and indicating that it is the only way to unlock the account. The link redirects the user to a site similar to that of the Bank.

 

Observation

We request to take into account the signals of commitment as a whole

 

Commitment Indicators

Url’s:

 

http[://]louairahal[.]net/activacion/cuenta-qkth/

https[://]payment[.]skytel[.]ie/in/www[.]bancoestado[.]cl/imagenes/comun2008/banca-en-linea-personas[.]html

 

Smtp Host

[45 [.] 236 [.] 128 [.] 204]

 

Sender

apache @ metropoli [.] net

 

Subject:

Blocked account

 

Recommendations

Keep your platforms updated (Office, Windows, Adobe Acrobat, Oracle Java and others)
Evaluate the preventive blocking of commitment indicators
Keep all technology and threat detection platforms updated
Review the security controls of the AntiSpam and SandBoxing
Perform permanent awareness for users about these types of threats
View the websites that are entered that are official