Phishing email regarding SEPA payments targetting Dutch internet bank users


MX Lab, http://www.mxlab.eu, started to intercept a phishing campaign coming from the spoofed email address “IBAN/Rabobank <overopiban@iban.nl>” with the subject “SEPA: bent u al over ? Wacht niet langer en kom in actie ! ” targeting Dutch internet bank users.

Screenshot of the email:

The email claims that all European payments that are being processed in the SEPA region needs to have an valid IBAN since August, 1st of 2014. In order to be part of the transition, you’ll need to order an IBAN payment card.

The embedded URL leads to hxxp://183.181.34.87/~goodbest/ which is obviously fake but please be warned that Firefox (on MacOS X) is not reporting a possible security risk when accessing this web site.

The first screen welcomes the visitor and you’ll have to click the button to continue.

The second screen requires the completion of your personal details such as name, birthday,account number and expiration date.

The last screen confirms the submission of the details and that the new payment card will be send within 3 to 5 days.

MX Lab recommend, as usual, not to comply to any instructions that are given by email in order to submit some personal details regarding your banking activities.