Explanation
The objective of this phishing campaign is to steal personal information, credit card information and ultimately money. The distribution happens via email by misusing a valid survey provider. This method of distribution makes detection difficult since the sender and malicious link initially appear authentic.
The email allegedly originates from the French Agence Nationale de Traitement Automatisé des Infractions (ANTAI) and lures the user into clicking on a link in order to fill out missing information. Upon clicking the link, the user is redirected to a static website that displays a payment reminder for a traffic violation. The text pressures the user to pay immediately in order to avoid an even higher fine.
If the user follows the link on the static website, they are asked for their personal information as well as credit card details.
The following domain was observed in the context of this phishing campaign:
- amendes-gouv-infractions-routieres-fr[.]rushhubegy[.]com
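The observed hostname packs government-sounding words into a subdomain of an unrelated `.com` domain. The following added example (not part of the original advisory) flags that pattern in URLs taken from mail or proxy logs. The token list, the `gouv.fr` suffix rule and every sample URL other than the domain above are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption: tokens picked from the lure described above (ANTAI, traffic fines).
BRAND_TOKENS = {"antai", "amendes", "gouv", "infractions"}
# Assumption: genuine French government sites are served under gouv.fr.
OFFICIAL_SUFFIX = "gouv.fr"

def refang(indicator: str) -> str:
    """Undo common defanging: [.] -> . and hxxp -> http."""
    out = indicator.strip().replace("[.]", ".").replace("(.)", ".")
    return re.sub(r"^hxxp", "http", out, flags=re.IGNORECASE)

def hostname_of(indicator: str) -> str:
    value = refang(indicator)
    if "://" not in value:
        value = "//" + value  # make urlsplit treat a bare host as the netloc
    try:
        return (urlsplit(value).hostname or "").lower().rstrip(".")
    except ValueError:  # malformed input such as stray brackets
        return ""

def is_official(host: str) -> bool:
    return host == OFFICIAL_SUFFIX or host.endswith("." + OFFICIAL_SUFFIX)

def brand_hits(host: str) -> set:
    """Brand tokens in any label, split on '-' so 'amendes-gouv-...' matches."""
    words = set()
    for label in host.split("."):
        words.update(label.split("-"))
    return words & BRAND_TOKENS

def classify(indicator: str) -> str:
    host = hostname_of(indicator)
    if not host:
        return "unparsed"
    if is_official(host):
        return "official"
    return "suspicious" if brand_hits(host) else "unrelated"

if __name__ == "__main__":
    samples = [  # first entry is from the advisory, the rest are constructed
        "amendes-gouv-infractions-routieres-fr[.]rushhubegy[.]com",
        "https://www.antai.gouv.fr/",
        "hxxps://survey.example[.]com/s/abc",
        "http://gouv.fr.pay.example/",
    ]
    for s in samples:
        print(f"{classify(s):<10} {s}")
```

The constructed survey-provider URL is classified as `unrelated`, which matches the point above: the first link in the email looks authentic, so this check is only useful on the redirect target or on URLs seen in web proxy logs.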
Example