Since last night, another dangerous email has been circulating. If you receive a mail from itsme@proximus.be with the subject “Update required”, delete it immediately and do not open it. This is a very well-crafted phishing mail with an accompanying phishing website, for which the attackers were able to use the official Proximus domain to send their fake mails. Spoofing, in other words.
We investigated the suspicious mail. The unsuspecting user was greeted with the message below in his or her mailbox:
At first glance it looks like a normal mail, especially when one sees that it comes from the official @proximus.be domain. When one clicks through on a realistic-looking URL, one is shown a very well recreated website:
However, upon inspection, the buttons appear to redirect not to domains that belong to Proximus or Itsme but to a domain named “fitnesscanjeduwen.shop” …
When one does click further, one is presented with a bank selection screen.
Again, the logos do not refer to official bank channels:
If you choose your bank afterwards, you also get to see a very convincing bank login screen specifically recreated for each bank.
Nothing could be further from the truth, because when we re-examine the buttons we see that scripts are executed when the unsuspecting user pushes confirm.
In other words, the attacker obtains your banking information and can thus attempt to obtain your banking data and possibly your accounts.
Therefore, the best advice you can follow is to always go to the website yourself, either by entering the address manually or via Google, and log into your account there on the official website of e.g. itsme.
If an update is needed, it will certainly show up in your personal account after logging in.
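The mismatch described above (an official-looking sender, but buttons that lead to an unrelated domain) can also be checked automatically. The following is an added example, not part of our original investigation: it lists every link host in a mail's HTML body that does not belong to an allowlisted domain. The allowlist, the function names and the sample message are assumptions constructed for illustration.

```python
from email import message_from_string, policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: allowlist of domains the brand really links to. Only
# proximus.be comes from the article; extend it for your own use.
OFFICIAL_DOMAINS = {"proximus.be"}

class LinkCollector(HTMLParser):
    """Collects link and form targets (<a href>, <form action>)."""
    def __init__(self):
        super().__init__()
        self.urls = []

    def handle_starttag(self, tag, attrs):
        wanted = {"a": "href", "form": "action"}.get(tag)
        self.urls += [v for k, v in attrs if k == wanted and v]

def is_official(host):
    """True only for an allowlisted domain or one of its subdomains."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in OFFICIAL_DOMAINS)

def off_brand_links(raw_message):
    """Return (sender domain, sorted off-brand hosts linked in the HTML body)."""
    msg = message_from_string(raw_message, policy=policy.default)
    sender = parseaddr(str(msg["From"]))[1].rpartition("@")[2].lower()
    body = msg.get_body(preferencelist=("html",))
    collector = LinkCollector()
    collector.feed(body.get_content() if body else "")
    hosts = [urlsplit(u).hostname for u in collector.urls]
    return sender, sorted({h for h in hosts if h and not is_official(h)})

# Constructed sample: sender, subject and the off-brand domain are taken
# from the article; the lookalike host and the markup are made up.
SAMPLE = """\
From: itsme <itsme@proximus.be>
Subject: Update required
Content-Type: text/html; charset="utf-8"

<a href="https://www.proximus.be/">Proximus</a>
<a href="https://fitnesscanjeduwen.shop/">Update now</a>
<a href="https://proximus.be.login.example/">Confirm</a>
"""

if __name__ == "__main__":
    sender, flagged = off_brand_links(SAMPLE)
    print(f"From domain: {sender}; off-brand link hosts: {flagged}")
```

The sender domain alone proves nothing here: the sample passes a visual check of the From address, while two of its three links leave the official domain, including a lookalike host that merely starts with "proximus.be".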
Stay safe and attentive to suspicious emails and websites. If in doubt, feel free to contact us and we will be happy to help you!
//ALLCORE IT