guichet.lu (Phishing)

Explanation

The goal of this phishing campaign is to steal personal information and credit card information. The distribution happens via email.

The email claims that pending issues with the personal tax ID exist and requests confirmation of personal data in order to complete a tax refund.

The linked website is a copy of the official Guichet.lu website and lures the user with a potential tax refund of 487,36€. It guides the user through several forms in order to steal private information and credit card details. First the user is asked to enter their private information. Then the user is asked to enter their credit card information. After filling out the credit card information, the website claims that the credit card is not valid and asks for another card. This process repeats itself an infinite number of times until the user gives up.

All the steps take place on pages under the malicious domain ’thekingbuilders[.]org’ .

Example

Phishing Mail landing page personal information credit card options credit card informations

0x00

Prevention

If you are uncertain about the authenticity of an email, do not hesitate to contact the entity that seems to have sent you the email using a safe communication manner, using the phone for example (no phone number from the untrusted email must be used in order to verify the authenticity).

If you are working for the Luxembourgish government or are using any of the GOVCERT.LU services, it is important to forward phishing emails to us (using Reporting an incident or the Outlook button). This will allow us to take down phishing websites and protect members of our constituency.

0x01

Plus d'exemples de phishing

Voir toutes les publications