Explanation
Threat actors launched a sophisticated phishing campaign targeting users of the myguichet.lu portal. The scheme follows a multi-step process to deceive victims and collect their sensitive personal and financial information. Below is a detailed breakdown of the phishing campaign:
Initial Redirection:
- The victim is redirected to a malicious landing page that is a counterfeit of the official myguichet.lu website.
- This page displays a myguichet logo and a “Continuer” button to convey legitimacy and gain the victim’s trust.
National Identification Inquiry:
- Upon clicking “Continuer”, the victim is taken to a second page that requests their national identification number.
Fake Fine Notification:
- The third page presents a fake invoice for a fine, allegedly issued for improper parking.
Personal Information Solicitation:
- The fourth page requests detailed personal information including the victim’s name, family name, address, phone number, and date of birth.
Financial Information Phishing:
- The fifth page solicits the victim’s credit card details under the guise of paying the fine.
False Confirmation:
- A sixth page is presented, showing a confirmation text stating that the payment has been successfully executed.
- Upon clicking “Finir”, the victim is redirected to the official myguichet.lu website, further obscuring the deceptive process.
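One way to detect the flow above in web proxy logs (an added example, not part of the original advisory): flag clients that submit several forms to a non-official host and then arrive at myguichet.lu with that host as Referer. The record layout, host names, paths and the three-POST threshold are assumptions, as is the Referer header surviving the final redirect.

```python
from urllib.parse import urlsplit

OFFICIAL = "myguichet.lu"   # portal domain as named in the advisory
MIN_POSTS = 3               # assumption: ID number, personal data and card forms are POSTed

# Constructed proxy records (client, method, url, referer); hosts and paths are placeholders.
SAMPLE_LOG = [
    ("10.0.0.9", "GET", "https://myguichet.lu/", "https://search.example/?q=myguichet"),
    ("10.0.0.5", "GET", "https://fine-portal.example/", ""),
    ("10.0.0.5", "POST", "https://fine-portal.example/id", "https://fine-portal.example/"),
    ("10.0.0.5", "GET", "https://fine-portal.example/fine", "https://fine-portal.example/id"),
    ("10.0.0.5", "POST", "https://fine-portal.example/details", "https://fine-portal.example/fine"),
    ("10.0.0.5", "POST", "https://fine-portal.example/pay", "https://fine-portal.example/details"),
    ("10.0.0.5", "GET", "https://myguichet.lu/", "https://fine-portal.example/done"),
]

def host_of(url):
    """Lower-cased hostname of a URL, or '' when the URL is empty or malformed."""
    return (urlsplit(url).hostname or "").lower()

def is_official(host):
    """True for the portal domain and its subdomains, not for look-alike suffixes."""
    return host == OFFICIAL or host.endswith("." + OFFICIAL)

def find_phishing_handoffs(records, min_posts=MIN_POSTS):
    """Return (client, host) pairs where the client POSTed at least min_posts
    forms to a non-official host that later referred it to the official portal."""
    posts = {}   # (client, host) -> form submissions seen so far
    hits = []
    for client, method, url, referer in records:
        host, ref_host = host_of(url), host_of(referer)
        if method == "POST" and host and not is_official(host):
            posts[(client, host)] = posts.get((client, host), 0) + 1
        elif is_official(host) and ref_host and not is_official(ref_host):
            # Final step of the campaign: the "Finir" redirect to the real site.
            if posts.get((client, ref_host), 0) >= min_posts:
                hits.append((client, ref_host))
    return hits

if __name__ == "__main__":
    for client, host in find_phishing_handoffs(SAMPLE_LOG):
        print(f"{client}: handed off to {OFFICIAL} by {host} after form submissions")
```

A hit identifies both the affected client and the referring host, which can then be reviewed and blocked.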
Example