Latest Threat: Enovos "Energy Refund" Phishing Scam
March 03, 2026
A new phishing campaign is currently impersonating Enovos, targeting customers in Luxembourg with fake "Refund Available" notifications. The email claims that following a contract adjustment, an overpayment of 117.90 € has been detected and is ready to be claimed.
The scam uses high-quality Enovos branding and professional formatting to trick victims into clicking a malicious link to "confirm banking details". This is a classic "Refund Scam" designed to harvest financial information and bank login credentials.
How to spot this phishing attack:
1. The Sender Address is Unauthorized: While the display name shows "Enovos Energie," the actual email address is [email protected]. Genuine Enovos communications will always originate from the official @enovos.lu domain, not a third-party social media domain.
2. Use of a URL Shortener: The button to "Réclamer mon remboursement" (Claim my refund) uses a shortened URL: shorturl.at/FnCuU. Legitimate energy providers do not hide their destination links behind generic URL shorteners for sensitive financial transactions.
3. Suspicious Contract Reference: The email cites a generic contract number CMD-2026-RF98439. If you compare this to your actual Enovos customer portal or paper invoices, it will not match your specific account records.
4. Pressure via Validity Period: The email claims the link is only valid for 30 days. While this seems like a long window, scammers use this "expiry" notice to make the offer of money feel tangible and time-sensitive.
If you receive this email, do not click the link and do not provide your banking information. Delete the message immediately. If you believe you are actually owed a refund, always log in directly via the official my.enovos.lu portal to check your account safely.
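For mail administrators, indicators 1 and 2 above can be checked automatically. The following is an added example, not part of the original advisory or any Enovos tooling: the sample message is constructed, the sender address and link path in it are placeholders, and the shortener list beyond shorturl.at is an assumption.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

BRAND, OFFICIAL_DOMAIN = "enovos", "enovos.lu"  # official domain named in the advisory
# Assumption: illustrative shortener list; shorturl.at is the one in this campaign.
SHORTENERS = {"shorturl.at", "bit.ly", "tinyurl.com", "t.co"}

# Constructed sample: sender address and link path are placeholders.
SAMPLE = """\
From: "Enovos Energie" <notice@social-platform.example>
Subject: Remboursement disponible
Content-Type: text/html; charset="utf-8"

<p>Un trop-per&ccedil;u de 117,90 &euro; a &eacute;t&eacute; d&eacute;tect&eacute;.</p>
<a href="https://shorturl.at/EXAMPLE">R&eacute;clamer mon remboursement</a>
"""

def in_domain(host, domain):
    """True if host is the domain itself or a subdomain of it."""
    host = host.lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def link_hosts(msg):
    """Collect hostnames of http(s) URLs found in every text part."""
    hosts = []
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue
        raw = part.get_payload(decode=True) or b""
        text = raw.decode(part.get_content_charset() or "utf-8", "replace")
        for url in re.findall(r"https?://[^\s\"'<>]+", text):
            hosts.append((urlparse(url).hostname or "").lower())
    return hosts

def check_message(raw_message):
    """Return findings for indicators 1 and 2 of the advisory."""
    msg = message_from_string(raw_message)
    display, addr = parseaddr(msg.get("From", ""))
    sender_domain = addr.rpartition("@")[2].lower()
    findings = []
    if BRAND in display.lower() and not in_domain(sender_domain, OFFICIAL_DOMAIN):
        findings.append("sender-domain-mismatch:" + sender_domain)
    for host in sorted(set(link_hosts(msg))):
        if host in SHORTENERS:
            findings.append("url-shortener:" + host)
    return findings

if __name__ == "__main__":
    print(check_message(SAMPLE))
```

A From domain that does match enovos.lu is not proof of legitimacy, since that header can be forged; this check only catches the display-name mismatch and shortener use described above.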