Skip BreadcrumbHome / Security / False messages using the name Autoridade Tributária (Tax Authority)

False messages using the name Autoridade Tributária (Tax Authority)

We have been alerted that several Clients and non Clients received e-mail messages supposedly sent by AT – Autoridade Tributária e Aduaneira (Portuguese Tax Authority) with the subject "Lista de devedores na internet” (Online List of Debtors), asking them to download a file to view the tax seizure proceedings underway with their name.

Example of the e-mail sent:

 


As you can see above, the e-mail in question is sent from na address with a Brazilian domain (.br), and the link does not identify the above mentioned entity.

This is another case of Phishing wherein, when you access the link sent, you install malicious software without even knowing it.

After this malware is installed on your device, we verified that, when you login to millenniumbcp.pt, you get a pop-up regarding our web page, warning that you need to install a security module “Instalação do Módulo de Segurança”, asking you to enter your Multichannel Code, afterwards sending a text message with an Authorization Code, as per the screen images below:

 

Click image to zoom Click image to zoom Click image to zoom Click image to zoom Click image to zoom

 

Following this phishing of the User's access codes, the cyber-criminal requests an Authorization Code to execute the registry in the Millennium App, and an SMS will be sent saying "Pedido de registo na App Millennium - Cod. Autorização: ******* (Request to register the Millennium App - Authorisation Code: *******). Contacte o Banco caso não tenha solicitado este código.” (Contact the Bank if you did not request this code). - Do not enter the Code you received on your mobile phone in the field shown above.


Please be reminded that:

  • You should beware of any e-mail that requires "immediate action" or creates a sense of urgency, especially if it shows spelling errors or bad grammar and has attached executable files (.exe);
  • The three (3) random digits of the Multichannel Code are requested when you login www.millenniumbcp.pt as well as for the management of your personal data/access codes (if your enter a wrong number, the three random positions requested remain the same until you login successfully);
  • Carefully read the SMS received containing the Authorisation Codes since the transaction data are identified in the SMS;
  • Phishing aims to abusively confirm/get personal data/access codes through messages with links/attachments that can infect a computer with malicious software or lead the user to fake websites, identical to the trustworthy websites. Avoid opening links to external websites as well as opening executable files;
  • Analyse the e-mails you receive before opening them, always confirming the source and the subject, if possible, with the issuer;
  • Never provide personal information or data in an e-mail reply;
  • Install (if you haven't done so yet) an antivirus software and update it regularly.

Remember: The protection of your assets and of your computer depends on you!


If you ever find something out of place at www.millenniumbcp.pt/en or if you need further information please call us on 91 827 24 24 / 93 522 24 24 / 96 599 24 24 / +351 21 005 24 24 (from Portugal or abroad) (Personal Assistance 24/7).

You can read all the Security information available here. (Companies)

You can read all the Security information available here. (Individuals)​​