contador web Skip to content

BES customers target new phishing scam

BES customers are the new targets for an attempt to phishing (attempt to steal personal data by simulating the contact of the legitimate entity to request them), circulating through email boxes. THE email signed as Banco Espírito Santo even indicates that it is because the bank is aware of recent attempts at computer attacks that it is addressing customers, requesting an update of their access data to the banking service online.

Supposedly, the entry of data in this “secure update application”, as described, aims to ensure a better interaction with the Internet banking identification system.

The security element is used several times in the message contained in the body of the email, structured in a reasonably credible way, although with some unlikely Portuguese errors, if the author of the request was in fact the bank.

Even less normal is the content of the order that requests all the customer’s identifying information, from the PIN or taxpayer card number, to the data on the parent card.

As the bank indicates in all its security alerts – and the authorities themselves – this information will never be requested in full from the customer, just as it is not practical to ask customers to update data via email. Even less with the mandatory character that this email indicates.

The points that help to identify the false content of this message (shown below) seem simple, but it is good not to forget that this week the Judicial Police confirmed that the phishing it is the security problem that most motivates police complaints at the national level, in the area of ​​computer crime.

According to a worldwide study released this week by Symantec, the phishing it is the type of online attack that most motivates the feeling of guilt among users, as 78 percent of respondents admitted by the security company, although the phenomenon never fails to gain expression.

TeK has already contacted BES and is receiving information from the bank regarding possible measures initiated as a result of this attempt to attack its customers.

phishing message