Threat actors are impersonating a journalist of a Luxembourgish newspaper to collect credentials.
The attack starts with an email that tells the targeted user they have a secured message waiting for them.
By clicking on the link “Read the PDF”, the user is redirected to a document disguised as a “NEW EFT PAYMENT Notification”.
In the final step, the victim is redirected to a fake phishing page, where the ultimate goal is to collect credentials.
If you are uncertain about the authenticity of an email, do not hesitate to contact the entity that seems to have sent you the email using a safe communication manner, using the phone for example (no phone number from the untrusted email must be used in order to verify the authenticity).
If you are working for the Luxembourgish government or are using any of the GOVCERT.LU services, it is important to forward phishing emails to us (using Reporting an incident or the Outlook button). This will allow us to take down phishing websites and protect members of our constituency.