Explanation
This phishing involves collecting LuxTrust and credit card credentials.
The attack illustrated below starts with an e-mail that contains no message apart from a link (“MA MESSAGERIE”). This link then redirects the victim to a page where they can select one of the following LuxTrust related authentication options: Token, LuxTrust Scan or LuxTrust Mobile. The other options such as SmartCard, Signing Stick and eID Luxembourgeoise are missing from this phishing.
The next step is to choose one of 6 Luxembourgish financial institutions. Afterwards the victim is prompted to enter the respective authentication details (User ID, Password, OTP token), until they finally land on a page where they are asked for their card details.
All the steps described above have taken place on pages under the malicious domain s.newslettescreationslines.eu .
Example
 
 
 
 
 
 


