CNS (Phishing)

Explanation

The goal of this phishing campaign is to steal personal data as well as credit card information.

The distribution method is unknown since only the phishing link was provided to us.

In this phishing attempt the threat actor impersonates the Caisse Nationale de Santé (CNS) and claims that the user’s social security card needs to be renewed as it expires soon.

By clicking on the ‘Procéder à la mise à jour’ button, the user is redirected to a form asking for personal information (including the user’s social security number and address). After entering the personal information and going to the next step the user will be asked for their credit card details.

In the background, all collected information is sent to the malicious actor

All the steps take place on pages under the malicious domain ‘csn-lu[.]plsled[.]com’ .

Example

startpage personalinformation creditcardinformation

Prevention

If you are uncertain about the authenticity of an email, do not hesitate to contact the entity that seems to have sent you the email using a safe communication manner, using the phone for example (no phone number from the untrusted email must be used in order to verify the authenticity).

If you are working for the Luxembourgish government or are using any of the GOVCERT.LU services, it is important to forward phishing emails to us (using Reporting an incident or the Outlook button). This will allow us to take down phishing websites and protect members of our constituency.

CNS (Phishing)

Explanation

Example

Prevention

Mehr phishing Beispiele

BILnet (Phishing)

LuxTrust (Smishing)

guichet.lu (Smishing)

Über uns

Nächste Schritte

Ressourcen