Centre commun de la sécurité sociale (Smishing)

Explanation

This smishing (SMS phishing) campaign tries to collect personal and credit card information by impersonating Centre commun de la sécurité sociale (CCSS). The users are tricked into believing that their social security card is no longer valid. They are asked to provide their details in order to deliver the new card. After connecting to the phishing domain ‘ccss-card.info’, the users are asked for their personal details. It starts with their name, birth date and email, before continuing with their phone number and address. Finally, in a last step it is also required to provide their credit card details in order to pay for the supposed delivery.

Example

landing_page personal_page address_page payment_page finish_page

0x00

Prevention

If you are uncertain about the authenticity of an email, do not hesitate to contact the entity that seems to have sent you the email using a safe communication manner, using the phone for example (no phone number from the untrusted email must be used in order to verify the authenticity).

If you are working for the Luxembourgish government or are using any of the GOVCERT.LU services, it is important to forward phishing emails to us (using Reporting an incident or the Outlook button). This will allow us to take down phishing websites and protect members of our constituency.

0x01

More phishing threats to be aware of

View all

Centre commun de la sécurité sociale (Smishing)

Explanation

Example

Prevention

More phishing threats to be aware of

guichet.lu (Smishing)

guichet.lu (Smishing)

Your Package is on Hold – Please Follow the Instructions to Release

About us

Next steps

Resources