Belgium bank Belfius target of phishing campaign


Yesterday, MX Lab, http://www.mxlab.eu, reported the ongoing phishing campaign targeting Belgian bank users (ING and Bank van De Post). Today we started to intercept a campaign that will target clients of Belfius.

The emails comes from the spoofed email address “Belfius Bank <Bankingcustomer-services@belfius.be>” with the subjects “Belangrijk Bericht van Belfius Bank” or “Account Update Bericht” and has the following body:

The email is written in poor Dutch and contains some mistakes. It comes down to this: your account is suspended due to 1) transactions that needs to be confirmed or 2) unsufficient update (whatever that means – perhaps not enough details) on the Belfius online account.

bevestigen transactie

Geachte klant,

onze gegevens blijkt dat uw online sessie is te wijten Suspended de volgende reden.

(1) Open Transacties die nog als te Bevestigd door U en valideren Online Banking informatie zoals uw Transaction Manual Details.

(2) Onvoldoende Update op uw Belfius Online Rekening die zou kunnen leiden tot Beëindiging van online bankieren Access.

Wij dringen er bij u om uw Belfius online te herstellen rekening direct naar vermijden definitieve sluiting van uw account.

Klik op het koppelen hieronder om te bevestigen en bijwerken UwBelfius Online Banking account.

logboek op

Bedankt voor het gebruik Belfius online Bank .

The URL included leads to hxxp://palace.leigh.hk//data/home.html and the browser shows us a compromised site. In the background you can see the homepage of Belfius (without a background pattern) and on top of it a popup screen, based on the Lightbox Javascript framework, where you are requested to fill in your details. You are also asked to fill in your full address, PIN number and birthday but none of the fields are required.

When this is finished, you are redirected to the real homepage of the Belfius bank and the phisher will have some good information to work with.

MX Lab recommends not to fill in any details. Any bank will contact you personnaly if a bank needs more information from you.

One thought on “Belgium bank Belfius target of phishing campaign

Comments are closed.