Banco Bradesco phishing page detected

A sophisticated Banco Bradesco phishing campaign targets Brazilian users through fake “security re-registration” messages to steal account credentials and security tokens in real time. This critical-level threat employs lookalike domains and smishing to intercept Agency/Account numbers, PINs, CPF numbers, and mobile token codes for full account takeover.


A high-severity phishing campaign targeting Banco Bradesco customers in Brazil uses fraudulent “Security Key Update” alerts to steal login credentials and security tokens (Chave de Segurança) in real-time, enabling account takeovers. Attackers distribute malicious links via SMS or WhatsApp, leading to phishing sites that clone the official Bradesco portal to harvest Agência, Conta, and Token Digital codes. Users should avoid clicking links, verify URLs, and only manage accounts through the official Bradesco app, as the bank never requests security tokens for profile updates.

This Banco Bradesco phishing case highlights a sophisticated Man-in-the-Middle (MitM) attack designed to intercept security tokens in real-time, bypassing multi-factor authentication for full account hijacking. The attack uses SMS/email lures directing users to a fake portal, demanding a 6-digit ‘Chave de Segurança’ to authorize fraudulent PIX transfers immediately.
Expert Security Tip: Real-time token hijacking often involves scammers using stolen credentials to log into the legitimate banking site while the user is on the fake site, using the provided token to approve unauthorized actions. Never provide security token codes on websites reached through external links; treat any prompt for a token during login as an active phishing attempt.

La Poste phishing page revealed

A phishing campaign targeting La Poste customers in France uses SMS and email to solicit small shipping fees, ultimately stealing personal information, credit card details, and 3D-Secure codes to authorize fraudulent transactions. The attack leverages professional-looking clone sites and a “low-friction” micro-payment hook to steal high-value amounts despite requesting only a minor fee. Users are advised to track packages only through the official La Poste app or website and to carefully verify 3D-Secure SMS messages.

This phishing campaign targets French residents by using fake SMS or email notifications regarding a “redelivery fee” of a parcel, leading to a fraudulent clone of the La Poste website to steal credit card details and personal information. The attackers leverage a low-cost, 1.99€ “micro-payment” pretext to bypass suspicion and harvest 3D-Secure codes to execute unauthorized, larger transactions.
To avoid this threat, verify deliveries only through the official La Poste app, check for non-official sender numbers, and inspect URLs for suspicious domain names.

SFR phishing page revealed

A phishing campaign targeting French telecommunications provider SFR uses fraudulent emails and SMS to trick customers into entering personal and credit card details on fake “Espace Client” login pages. The attack, designed to harvest banking credentials and 3D-secure codes through fake payment or refund notices, highlights a growing utility billing scam tactic.

SFR “Refund / Unpaid Invoice” Phishing

Target: SFR (Société Française du Radiotéléphone) customers in France
Threat Level: High (Credit Card Skimming & Account Takeover)

Phishing Method Description

This attack targets users of the French telecommunications provider SFR. Scammers send out Phishing Emails or SMS (Smishing) using two common pretexts:

  • The Refund Bait: Claiming the user has overpaid their bill and is entitled to a refund (e.g., 50.00€).
  • The Payment Failure: Claiming a recent monthly payment failed and services will be suspended unless a small “regularization fee” is paid immediately.

The link leads to a high-fidelity clone of the SFR “Espace Client” portal. This phishing kit is designed to harvest:

  • Login ID and Password (to access the user’s contract and personal data).
  • Full Credit/Debit Card Details (Card Number, Expiry, and CVV).
  • Personal Information (Name, Address, and Date of Birth).
  • 3D-Secure SMS Codes: The fake site intercepts the security code in real-time, allowing the attacker to authorize a much larger fraudulent purchase instead of a “refund” or a small fee.

⚠️ Red Flags to Watch For

  • Deceptive URL: The official domain is sfr.fr. Phishing sites use lookalikes such as mon-espace-sfr-reglement.com, remboursement-sfr.net, or free hosting subdomains like sfr-client.web.app.
  • Refund via Credit Card: Legitimate companies like SFR refund overpayments by crediting your next bill or via bank transfer (IBAN). They never ask for your CVV code to “send” you money.
  • Urgent and Alarming Language: Phrases like “Action requise immédiatement” or “Suspension de ligne” are used to induce panic.

💡 Expert Security Tip: The “Reverse Payment” Illusion

The Method:
This case highlights the “Refund-to-Skimming” tactic. Scammers exploit the psychological “reward” of receiving a refund to lower the victim’s guard.

The Trap:
By asking you to “enter your card details to receive a refund,” the scammers are actually setting up a payment gateway on their end. When you provide your card info and the subsequent SMS code, you aren’t receiving 50€; you are authorizing a payment of potentially hundreds or thousands of euros to the attacker’s account.

How to Protect Yourself:

  • Refunds go to IBAN: In France, utility and telecom refunds are almost always processed via the bank account (RIB/IBAN) already linked to your contract. If a site asks for your CVV (the 3 digits on the back) to “give” you money, it is always a scam.
  • Check the “Espace Client” Directly: Never click a link in an email. Go to www.sfr.fr manually or open the “SFR & Moi” app. If there is a real issue or refund, it will be visible there.
  • Verify the Sender: Official SFR emails come from @sfr.fr or @sfr.com. Be wary of sender addresses on other, generic domains.

Banca Intesa phishing page detected

A phishing campaign targeting Banca Intesa Beograd customers uses fraudulent SMS and email messages to harvest login credentials and real-time SMS OTPs via a spoofed login page. This Man-in-the-Middle attack aims to steal credentials for the Banca Intesa Mobi app, with fake links often leading to lookalike domains rather than the official bancaintesa.rs site.

This phishing case targets Intesa Sanpaolo customers, employing smishing/phishing techniques to steal “MyKey” login credentials and real-time security codes to authorize fraudulent transactions. Scammers utilize realistic fake portals and phishing kits to bypass 2FA by acting as a middleman, prompting users to enter legitimate O-Key SMS/app codes directly into the malicious site.
Expert Security Tip: Always manually enter the bank’s URL, and never input O-Key SMS codes on a website, as the attacker is likely proxying your credentials to a live, official banking session.

BAC Credomatic phishing page detected

A sophisticated phishing campaign targeting BAC Credomatic customers uses “Token Synchronization” to steal credentials and real-time OTP codes via fake banking portals, often distributed through Smishing or email. The attackers use high-fidelity clones of the bank’s portal to trick users into entering their username, password, and Código BAC, aiming to bypass multi-factor authentication for fraudulent transactions. To avoid this, users are advised to never follow links in security messages and only enter tokens when initiating transactions within the official app.

This case highlights a critical phishing threat targeting BAC Credomatic users, employing a “Digital Security Update” pretext to steal credentials, credit card details, and real-time Banca Móvil/Código BAC security codes. Scammers act as a “middleman,” utilizing intercepted OTP codes immediately to authorize fraudulent transfers or register new devices to the victim’s account. To protect against this, never enter security tokens to verify or unblock an account, and always use the official app rather than clicking links in alerts.

La poste phishing page detected

A phishing campaign targeting La Poste customers in France uses “address confirmation” scams to harvest full credit card details and bypass 3D-Secure protections [1]. Attackers utilize SMS and emails prompting a small fee to lead victims to cloned sites, stealing credentials and real-time security codes.

This phishing campaign targeting BAC Credomatic users in Central America employs SMS and email threats to force victims to a fake “Banca en Línea” portal. The attack, which impersonates “Codigo BAC” synchronization, is designed for real-time hijacking of user credentials and 2FA tokens to perform unauthorized transactions.
Key Defense Information

  • Method: Scammers act as a middleman to steal username, password, and the 6-digit security token (Codigo BAC) in real-time.
  • Warning Signs: Urgent language threatening account suspension and links to deceptive, non-official domains (e.g., sucursal-bac-seguridad.com).
  • Protection: Always manually type baccredomatic.com in the browser and never enter your security token on sites reached via links [1].

This BAC Credomatic phishing case demonstrates a real-time proxy attack where attackers act as a middleman to intercept 6-digit Codigo BAC security tokens in real time. By tricking users into entering this token, scammers authorize fraudulent transactions or register new devices immediately, highlighting that two-factor authentication can be bypassed if the user provides the code directly to the threat actor.

Canada Post fake page detected

A Canada Post phishing campaign uses SMS and email, claiming an “incomplete address” to lure victims into paying a small fee on a fraudulent website. This scheme steals full name, address, and credit card details, including 3D-Secure codes, to facilitate larger fraudulent transactions.

This Canada Post phishing campaign targets residents with fraudulent SMS/email alerts regarding package delivery failures, directing them to a fake portal to steal personal information and credit card data. The scam utilizes a “micro-payment” tactic to harvest card details and 3D-secure codes for high-value transactions, disguised as a small re-delivery fee. To protect against this threat, users should inspect the URL for legitimacy, ignore requests for payment via text, and verify tracking numbers on the official Canada Post site.

Canada Post “Address Verification” Phishing

Target: Residents of Canada and International Shippers
Threat Level: High (Credit Card Skimming & Identity Theft)

Phishing Method Description

This attack leverages Logistics Impersonation, specifically targeting users expecting or sending packages through Canada Post. Victims receive a “Smishing” (SMS) or Phishing Email stating that a package is held at a warehouse due to an “incomplete address” or a “small unpaid shipping fee” (usually under $3 CAD).

The link leads to a high-fidelity clone of the Canada Post tracking page. To “re-route” the package, the victim is prompted to enter:

  • Full Name and Delivery Address (to build a profile for identity theft).
  • Phone Number.
  • Full Credit/Debit Card Details (Number, Expiration Date, and CVV).
  • 3D-Secure SMS Codes: The fake site captures the verification code in real-time, allowing the attacker to authorize a much larger fraudulent purchase disguised as a small shipping fee.

⚠️ Red Flags to Watch For

  • Deceptive Domain: The official Canada Post domain is canadapost-postescanada.ca. Phishing sites use lookalikes such as canadapost-redirection.com, postes-canada-verify.net, or free subdomains like canadapost-package.web.app.
  • Insecure Links in SMS: Canada Post has stated they will never send unsolicited text messages with clickable links asking for personal or financial information.
  • Unusual Payment Requests: A legitimate postal service will not hold a package for a $1.95 or $2.50 fee via a text message link. These “micro-payments” are a psychological trick to make the victim feel the risk is low.

💡 Expert Security Tip: The “Micro-Payment” Trap

The Method:
This case highlights a common Financial Skimming tactic known as the “Micro-Payment” hook. Scammers ask for a negligible amount (e.g., $1.50 – $3.00) to lower your critical thinking.

The Trap:
When you enter your card details for a $2.00 fee, you aren’t just losing two dollars. You are handing over your full credit card credentials to a criminal database. Furthermore, the SMS code you receive from your bank is often not for the $2.00 fee, but for a much larger “invisible” transaction the attacker is processing in the background (such as a $1,000 gift card purchase or a high-end electronics order).

How to Protect Yourself:

  • Verify via Official App: If you have a tracking number, enter it manually into the official Canada Post app or website. Do not use the link in the message.
  • The CVV Rule: No shipping company needs your CVV code (the 3 digits on the back) to “confirm an address.” Requests for card security codes are a definitive sign of fraud.
  • Check the Currency: Phishing sites sometimes forget to localize. If a “Canada Post” page asks for payment in Euros (€) or US Dollars ($), it is 100% a scam.

Banco del Pacifico phishing page detected

This phishing campaign targeting Ecuador’s Banco del Pacífico uses a fake “Intermático Security Sync” page to steal online banking credentials, security challenge questions, and One-Time Passcodes (OTP). Scammers employ a “sync” pretext in emails or SMS, directing victims to a malicious website that mimics the legitimate site to bypass multi-factor authentication and gain full account control. For protection, users must always access banking services by manually typing the official URL and never enter credentials through links provided in messages.

This phishing case highlights a sophisticated Real-Time Token Interception attack, where attackers use a fake Banco del Pacífico portal to steal credentials and prompt for 6-digit OTP security codes in real-time. By acting as a live “middleman,” the attacker uses the intercepted code to authorize fraudulent transfers or register a new device instantly, rather than just stealing credentials for later use.
💡 Expert Security Tip: Real-Time Session Hijacking
If a website asks for a Token/OTP code immediately after you log in, and you have not initiated a transfer, it is a major red flag indicating a scam. Always type the official bank URL directly into your browser, as Banco del Pacífico will never ask for security tokens to “verify” your profile via an email or SMS link.

Sabadell bank phishing page detected

A phishing campaign targeting Banco Sabadell users in Spain employs SMS and email, mimicking a security update to steal credentials and Digital Signature (Firma Digital) codes. The attack uses lookalike domains, such as sabadell-online-seguridad.net or acceso-bancosabadell.com, to redirect victims to a Man-in-the-Middle site designed to harvest login data and authorize fraudulent transfers in real-time.

A Sabadell Bank phishing campaign uses SMS-based social engineering to falsely warn customers of a blocked account, directing them to a fake, pixel-perfect site designed to steal login credentials and digital signatures in real-time. This sophisticated scam tricks users into entering their app-generated security codes to authorize unauthorized wire transfers. Users are advised to avoid clicking links in SMS messages and only use official app channels.

This Banco Sabadell phishing case highlights a real-time Man-in-the-Middle attack, where criminals use urgent smishing tactics to steal credentials and SMS OTP codes instantly to authorize fraudulent transactions. Users must understand that SMS security codes are used for authorizing transactions, not for logging in, and that banks never send login links via text. To protect accounts, always log in manually via the official website and carefully read the purpose of every SMS code before entering it.

Crédit Mutuel de Bretagne (CMB) bank phishing page detected

Crédit Mutuel de Bretagne (CMB) “Security Key” Phishing

Target: Customers of Crédit Mutuel de Bretagne (France / Brittany region)
Threat Level: Critical (Real-time Account Takeover & “Clé Digitale” Hijacking)

Phishing Method Description

This attack targets users of the CMB Online Banking and the “CMB suivi de compte” mobile app. Scammers use a “Security Alert” pretext, sending out Smishing (SMS) messages claiming that an “unauthorized transaction” has been detected or that the user’s “Digital Key” (Clé Digitale) must be synchronized immediately to avoid account suspension.

The link leads to a professional-looking clone of the CMB portal, featuring the distinctive red and grey triskelion-style logo. This sophisticated phishing kit is designed to harvest:

  • Identifiant / Login ID
  • Password / PIN: Captured via a fake interactive virtual keyboard that mimics the bank’s security feature.
  • Mobile Phone Number
  • Real-time Authorization: The fake site prompts the victim to confirm a notification in their official CMB app or enter an SMS code. This allows the attacker to authorize a fraudulent wire transfer or register a new “Trusted Device” to the account instantly.

⚠️ Red Flags to Watch For

  • The Deceptive URL: The official domain is cmb.fr. Phishing sites use addresses like votre-compte-cmb.online, securite-cmb-bretagne.net, or free subdomains like cmb-client.web.app.
  • Virtual Keyboard Glitches: While the fake site mimics the official numeric keypad, it may load slowly or fail to respond correctly to clicks, as it is capturing your input in real-time.
  • Unsolicited SMS with Links: CMB officially states they will never include a clickable link in an SMS regarding account security or “blocking” access.

💡 Expert Security Tip: The “Digital Key” Interception

The Method:
This case highlights a Man-in-the-Middle (MitM) attack targeting the French “Clé Digitale” (Digital Key) system. Scammers are not just looking for your password; they are waiting in real-time to intercept your app-based authorization.

The Trap:
When you enter your credentials on this fake page, the attacker simultaneously logs into the actual CMB server. The moment the bank sends a “Push Notification” to your phone to confirm your identity, the phishing site tells you to “Accept the notification on your smartphone to finish synchronization.” By tapping “Confirm,” you are actually authorizing the hacker’s login or a large fraudulent payment.

How to Protect Yourself:

  • Read Before You Tap: When you receive a confirmation prompt on your smartphone, read the text carefully. If it says “Confirm new device registration” or “Confirm a transfer of X €” while you were just trying to “log in” via a link, REJECT IT immediately.
  • The “Context” Rule: A digital key notification should only appear if YOU manually accessed the official www.cmb.fr website or opened the official app.
  • Zero Trust for SMS Links: If an SMS says your account is blocked and provides a link to “unblock” it, it is a scam. Log in directly through your official app to check for any real alerts.
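
Added example (not part of the original write-ups): a Python check that applies the “Deceptive URL” / “Deceptive Domain” red flags from the SFR, Canada Post, CMB and BAC Credomatic cases to a link, for use in mail or SMS triage. The official domains and lookalike hosts come from the text above; the brand-token list, the verdict names and the sample paths are assumptions made for this example.

```python
import re
from urllib.parse import urlsplit

# Official domains exactly as named in the write-ups above.
OFFICIAL = {
    "SFR": "sfr.fr",
    "Canada Post": "canadapost-postescanada.ca",
    "CMB": "cmb.fr",
    "Banca Intesa": "bancaintesa.rs",
    "BAC Credomatic": "baccredomatic.com",
}
# Brand tokens to hunt for in hostnames (assumption: picked for this example).
TOKENS = {
    "SFR": ("sfr",),
    "Canada Post": ("canadapost", "postescanada"),
    "CMB": ("cmb",),
    "Banca Intesa": ("bancaintesa",),
    "BAC Credomatic": ("bac", "baccredomatic"),
}
# Shared-hosting suffix seen in the lookalikes above: anyone can claim a subdomain.
FREE_HOSTING = (".web.app",)


def hostname(url):
    """Extract the real host; urlsplit drops userinfo such as 'sfr.fr@'."""
    target = url if "://" in url else "//" + url
    return (urlsplit(target).hostname or "").rstrip(".").lower()


def mentions_brand(host, tokens):
    """Match tokens as whole words, or as substrings once hyphens are removed."""
    words = set(re.split(r"[.-]", host))
    squashed = host.replace("-", "")
    return any(t in words or (len(t) >= 8 and t in squashed) for t in tokens)


def classify(url):
    """Return (verdict, brand): official, lookalike, lookalike-free-hosting, unrelated."""
    host = hostname(url)
    for brand, domain in OFFICIAL.items():
        # Only the exact domain or a true subdomain of it counts as official.
        if host == domain or host.endswith("." + domain):
            return ("official", brand)
    for brand, tokens in TOKENS.items():
        if mentions_brand(host, tokens):
            free = host.endswith(FREE_HOSTING)
            return ("lookalike-free-hosting" if free else "lookalike", brand)
    return ("unrelated", None)


if __name__ == "__main__":
    # Constructed sample links; hosts come from the page, paths are made up.
    samples = [
        "https://www.sfr.fr/mon-espace-client/",
        "https://sfr.fr@remboursement-sfr.net/refund",
        "http://sfr-client.web.app/login",
        "postes-canada-verify.net/track?id=1",
        "https://cmb.fr.securite-cmb-bretagne.net/",
        "https://example.org/",
    ]
    for link in samples:
        print(classify(link), link)
```

The second and fifth samples show why the host has to be parsed rather than searched as text: both links contain an official domain as a decoy, yet resolve to a lookalike host.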