Customers of Santander, one of the largest banking groups in the world, are currently being targeted with a phishing email masquerading as a bogus notification of a scheduled software upgrade:
Subject: Santander Online Banking Notice
Dear Valued Customer,
Santander Online Banking technical services department is carrying out a scheduled software upgrade to improve the quality of services for the bank’s customers. Please upgrade immediately by clicking on this link below:
Secure Sign-In Access
Thank you for your prompt attention to this matter.
According to Hoax-Slayer, the offered link takes users to a spoofed Santander online banking website, where they are asked to enter their ID, passcode, customer PIN, mobile number, landline number and data of birth.
Having done that, the site requests for them to set up three security questions and answers, which will, of course, be misused by the phishers to gain access to the users’ account.
In the end, the users are redirected to the legitimate website of Santander’s UK branch in order to maintain the illusion that nothing out of the ordinary happened.