Skip BreadcrumbHome / Security / False messages using the name cttexpresso

False messages using the name cttexpresso - Do not open the links


Please beware of e-mail messages supposedly sent by the postal services cttexpresso with the subject "Atenção: Erro no endereço de entrega" (Attention: wrong delivery address), stating that "A empresa de courier não foi capaz de entregar um pacote para o seu endereço" (the courier company was unable to deliver a package to your address) and asks that you "download de informações" (download information) to print and take to the post office to pick up the (alleged) package.

Example of the e-mail sent:

image of an example of the e-mail sent 

This is another case of Phishing wherein, when you access the link sent, you are requested to install an executable file (.exe) as you can see below:

image of an example of a request to install an executable file 

After this malicious software is installed on your computer, we verified that, when you login to the website, you get a pop-up regarding our web page, warning that you need to install a security module "Instalação do Módulo de Segurança", asking you to enter your mobile phone number and Multichannel Code, afterwards sending a text message with an Authorization Code, as per the screen images below:

image of an example of a request to install an executable file - starting 

image of an example of a request to install an executable file - progress 

image of an example of a request to install an executable file - request to insert mobile phone number and 3 positopns of the Multichannel Access Code 

image of an example of a request to install an executable file - request to insert code received by SMS 

Following this phishing of the User's Access Codes, the cyber-criminal requests an Authorization Code to execute the registry in the Millennium App, and an SMS similar to this one will be sent:

example of SMS received on mobile phone 

Please be reminded that:

  • You should beware of any e-mail that requires "immediate action" or creates a sense of urgency, especially if it shows spelling errors or bad grammar and has attached executable files (.exe);
  • The three (3) random digits of the Multichannel Code are requested when you login to www.millenniumbcp.pt as well as for the management of your personal data/access codes (if your enter a wrong number, the three random positions requested remain the same until you login successfully);
  • Carefully read the SMS received containing the Authorisation Codes since the transaction data are identified in the SMS;
  • Phishing aims to abusively confirm/get personal data/access codes through messages with links/attachments that can infect a computer with malicious software or lead the user to fake websites, identical to the trustworthy websites. Avoid opening links to external websites as well as opening executable files;
  • Analyse the e-mails you receive before opening them, always confirming the source and the subject, if possible, with the issuer;
  • Never provide personal information or data in an e-mail reply;
  • Install (if you haven't done so yet) an antivirus software and update it regularly.

Remember: The protection of your assets and of your computer depends on you!

You can read all the Security information aqui. (Companies)

You can read all the Security information aqui. (Individuals)





If you ever find something out of place at www.millenniumbcp.pt/en or if you need further information
please contact us using Banco Mail or, alternatively, by telephone on
918272424 / 935222424 / 965992424 (domestic call)
or +351210052424 (international call).

The cost of the calls depends on the specific prices agreed by you with your telecommunication operator.​

​​