Detected a phishing campaign forging OpenBank

It has been detected a campaign that sends fake emails that forge the bank entity OpenBank, which belongs to Santander Bank, whose objective is to redirect a victim to a fake web (phishing) to steal his/her bank information.


Affected Resources:

Any OpenBank user that execute bank operations on websites. Is affected any user that operates online and they can receive the email.


If you received an email like that, have accessed to the link and you entered your user data, you must call OpenBank and report what happened.

Avoid becoming a victim of phishing by following these steps:

1- Do not open any unknown email, delete them at once

2- Do not reply to the emails

3- Be careful when you download from links and archives, even they are known to you.

4- If the link brings you to an unknown web or interface, do not enter any of your information

5- If you don’t know what to do in some case, contact with OpenBank, with the Police Department (FCSE) or the internet security office (OSI).

In the other hand, try to always follow the tips that the security section of your bank recommends you:

1- Close every app before entering the website

2- Write the URL of your bank in your browser bar, so you can access directly without clicking secondary links.

3- Do not access to your bank account from public computers or public networks.


The fake email that forges OpenBank is identified by having thread names like: “Your bill has been paid” or “You have fulfilled a transaction of EUR 250.00 EUR”

The content of the email informs the user that he has fulfilled a transaction with success, and says that the user enters the link to see the details, like the one shown in this picture:

To access to the link, the user will be redirected to the fake website, which one does not have  a security certificate, which is necessary for every bank entity:

If the user logs in with his name and password, he will be redirected to other website where his credit card PIN is asked:

And for the last, the user will be redirected to another site where he is asked to introduce his signature, which allows you to make transactions.

When you put your signature, you are redirected to the original OpenBank website, to make it more credible.


From OSI


Deja un comentario