Email “Factuurbedrag van uw KPN” targets Dutch users of KPN in phishing scam


MX Lab, http://www.mxlab.eu, started to intercept a new phishing campaign by email with the subject “Factuurbedrag van uw KPN” targeting Dutch users of KPN with a statement that an automatic recurring payment hasn’t been authorized and is therefore rejected for payment by the bank. According to the email, certain actions are required otherwise the internet services will be discontinued if no payment is made.

This email is send from the spoofed address “KPN <kpn@kpn.mailing.nl>” and has the following body:

Geachte heer/mevrouw,

Onlangs heeft KPN geprobeerd het factuurbedrag van uw KPN Internetdiensten te incasseren. Helaas is deze automatische incasso geweigerd door de bank met foutmelding:

[ISO MD01 – Machtiging is (nog) niet geregistreerd bij de bank van de debiteur]

Wij adviseren u om uw betaalgegevens voor de automatische incasso te herstellen via uw online MijnKPN account. Wij willen u erop attenderen dat bij een achterstallige betaling uw KPN abonnement tijdelijk geblokkeerd wordt.

Klik hier om naar uw MijnKPN account te gaan.

Met vriendelijke groet,
KPN Internetdiensten

Martine Smith
Directeur Klantenservice

Screenshot of the email:

When clicking on the URL, the browser goes to hxxp://oliveandlavender.com.au/particulier/Mijnkpn/index.htm and has the following screen:

After filling in the email address and password, the user is redirected to hxxp://oliveandlavender.com.au/particulier/Mijnkpn/kiesuwbank/index.html and is given the choice to choose a bank for the payment.

In our case, we have choosen Rabobank – other options are ING, SNS, ABN_Amro and ASN Bank and are being redirected to hxxp://oliveandlavender.com.au/particulier/Mijnkpn/kiesuwbank/Rabo/weiter.html with the next screen that request more specific details regarding your bank account.

For each bank, Rabobank, ING, SNS, ABN_Amro and ASN Bank, a special form is present on the same host. Examples for ING and ABN-Amro.

MX Lab recommends not to following the embedded URL in the phishing email, delete the email and always check the site – the missing https connection and the strange domain name in this case – when filling in personal and bank details.

 

One thought on “Email “Factuurbedrag van uw KPN” targets Dutch users of KPN in phishing scam

Comments are closed.