KfW Bank as phishing bait
The discussions surrounding the possible introduction of a “digital euro” are currently being used as an attack vector for phishing campaigns. Among others, fake websites of the KfW development bank, the European Central Bank, the non-profit consumer organization Stiftung Warentest and the business magazine Capital are being used.
A fake website of the KfW development bank with links to Stiftung Warentest and Capital. An alleged ECB pilot program with unbelievable interest rate promises is advertised.
This appears to be an elaborate phishing campaign, as several websites have been created in this case. If you follow the link from the email, you will be redirected to a fake website of the KfW development bank, which advertises an alleged pilot program of the European Central Bank called “TFOM2426”. KfW Bank has published an official warning about fake websites and phishing emails.
A fake Stiftung Warentest website that gives the alleged pilot program top marks. Who could ever doubt that?
To increase the credibility of the phishing campaign, this website has links to Stiftung Warentest, where the pilot program is supposedly advertised as the “safest and best financial program 2024”.
The business magazine Capital has allegedly awarded the pilot program “TFOM2426” in an exclusive evaluation. This website is also fake.
But that’s not all: the spammers have also created and linked to another website that pretends to be the business magazine Capital and has already named the alleged pilot program the “safest investment product of 2024” before the official program launch.
A fake ECB website where you can register as a participant. Also a phishing website.
The effort involved in phishing is enormous. In order to increase credibility in social engineering, trustworthy websites are copied and populated with false information. KfW, Capital and Stiftung Warentest all enjoy a good reputation in Germany. The ECB and the “digital euro” are certainly known to everyone in the country.
Only a few free places available: The criminals are building up pressure through artificial scarcity.
At the end of the fake ECB phishing website, the “social engineering” is intensified once again. There are, of course, only a limited number of places available. And there are only 431 places left, so be quick now! In addition to the too-good-to-be-true interest rates of 25.5%, there is clearly time pressure here. All the fake websites are designed to get you to sign up and disclose your details. The spammers don’t want you to miss out on this “opportunity” by thinking too long or checking the details. These are all “red flags”, which will hopefully come to light in time.
IoCs: Indicators of Compromise
The IoCs known to us are rated accordingly in 32Guards. The CERT-Bund has been informed and administrators should check the log files to see whether visits to the following websites have taken place and whether they have not yet been blocked by a security product such as a web gateway or firewall.
The following domains are currently known to be malicious:
- ecb-digital[.]eu
- the-future-of-money-ecb[.]com
- stiftung-warentest[.]info
- capltal[.]info
Not yet using NoSpamProxy?
With NoSpamProxy you can reliably protect your company from cyber attacks. Request your free trial version now!
