Explanation
Threat actors are running a phishing campaign that impersonates the official Luxembourgish government website (https://gouvernement.lu/fr.html).
The attack begins with a seemingly legitimate SMS telling the recipient that they are eligible for a tax refund and providing a link to follow. Clicking the link, however, takes the recipient to a fake version of the gouvernement.lu website. On this page, the victim is asked to choose their bank from a list of options, including Bilnet, Spuerkees, ING, eboo banque and BGL BNP Paribas.
After selecting their bank, the victim is redirected to a fake login form that is themed to match the bank they selected.
The ultimate goal of this phishing attack is to collect the victim’s banking login credentials.
Example




