Phishing threat
2026-06-08

CCSS (Phishing)

Explanation

The objective of this phishing campaign is to obtain personal information, credit card information and LuxTrust credentials from unsuspecting individuals.

A simple math problem has to be solved by the user. This looks like human verification tests commonly found on websites.

After that, the victim is informed that the validity of their insurance card has expired and they are asked to provide their name, birthday and email address.

The following page continues the collection of personal information by asking for address information and phone number.

After that, credit card information is phished.

In the last step, the victim’s LuxTrust credentials are requested.

Before the “confirmation” of the successful transaction is shown to the victim, a fake loading page pretends to create a connection to Visa / Mastercard to verify the transaction.

When the victim clicks on “Retour à l’accueil”, they are redirected to the legitimate CCSS page.

All the previously described steps take place on pages under the malicious domain ‘centre-cnlu[.]info’ .

Example

page1 page2 page3 page4 page5 page6 page7 page8

0x00

Prevention

If you are uncertain about the authenticity of an email, do not hesitate to contact the entity that seems to have sent you the email using a safe communication manner, using the phone for example (no phone number from the untrusted email must be used in order to verify the authenticity).

If you are working for the Luxembourgish government or are using any of the GOVCERT.LU services, it is important to forward phishing emails to us (using Reporting an incident or the Outlook button). This will allow us to take down phishing websites and protect members of our constituency.

0x01

More phishing threats to be aware of

View all