Skip BreadcrumbHome / Security / False messages using the name FNAC

False messages using the name FNAC

We have been alerted that several Clients and non Clients received e-mail messages
supposedly sent by FANC with the subject "A sua encomenda de 24 de março de 2017"
(Your order made on 24 March 2017), requesting that the user opens a link to track the package.

Example of the e-mail sent:



This is another case of Phishing wherein, when you access
the link sent (the entire image is the link), you download a zip file with a malicious file,
which after executed, downloads and installs the malware without your knowledge.

After the malware is installed on your device, we verified that, when you login to,
you are requested three (3) random numbers of the multichannel code and, after you hit next,
it shows an error saying invalid access and requests another (3) numbers of the multichannel code, as you can see below:



After you login you get a pop-up regarding our web page, warning that you need to install
a security module “Instalação do Módulo de Segurança”, asking you (again) to enter your Multichannel Code,
afterwards sending a text message with an Authorization Code, as per the screen images below:


Clique para aumentar Clique para aumentar Clique para aumentar Clique para aumentar


Following this phishing of the User's access codes, the cyber-criminal requests
an Authorization Code to execute the registry in the Millennium App, and an SMS will be sent saying
"Pedido de registo na App Millennium - Cod. Autorização: *******.
Contacte o Banco caso não tenha solicitado este código.

(Request to register the Millennium App - Authorisation Code: *******.
Contact the Bank if you did not request this code).
Do not enter the Code you received on your mobile phone in the field shown above.



Please reminded that...

To access Millennium bcp's homebanking services the Bank NEVER requests your mobile phone number or the installation of security software;
Whenever you access your bank accounts through the Millennium bcp website, check if the address starts with (for the Individuals access) and (for the Companies access) and that, at the end of the address bar, a lock is shown, as follows:


Millennium bcp always sends electronic messages without links;
The Millennium bcp's website is accessed using a User Code and three random positions of the Multichannel Code and Millennium bcp never requests the installation of software/security apps (or other), therefore any such request is a fraud attempt;
Carefully read the SMS received containing the Authorisation Codes since the transaction data are identified in the SMS;

Additional information

  • Phishing aims to, abusively, steal personal data through messages that take the user to fake websites, imitating those you usually access and requesting that you enter confidential data;
  • Analyse the e-mails you receive before opening them, always confirming the source, the subject and the spelling and, if you remain with doubts, delete the e-mail without opening it;
  • Avoid opening links to external websites as well as opening executable files;
  • Never provide personal information or data in an e-mail reply;
  • Install (if you haven't done so yet) an antivirus software and update it regularly.

Remember: The protection of your assets and of your computer depends on you!

If you ever find something out of place at or if you need further information
please call us on 91 827 24 24 | 93 522 24 24 | 96 599 24 24 | +351 21 005 24 24 (from Portugal or abroad)
(Personal Assistance 24/7).

Individuals - Security information Companies - Security information