Latest Threat: LuxTrust "Certificate Renewal" Phishing Scam

A sophisticated phishing campaign is targeting LuxTrust users in Luxembourg, claiming that their annual security certificate has expired or needs immediate renewal to "guarantee the continuity of services".

This specific attack employs a notable evasion tactic: the fraudulent website is designed to only load on mobile devices. If accessed via a desktop browser, the page will show an error, a technique used by cybercriminals to bypass automated security scanners and manual analysis by IT departments.

The scam leads victims through a multi-step process designed to steal both LuxTrust credentials and specific banking login details from major Luxembourgish institutions.

How to spot this phishing attack:

1. The Sender is Fraudulent: The email is sent from [email protected]. This is a Canadian internet service provider address and has no connection to LuxTrust S.A.

2. Redirect Links: The button in the email points to coltecom.com/saber. This is a compromised or fraudulent domain used as a redirector.

3. Deceptive Landing Page: The final phishing site is hosted at lux-id.info. Official LuxTrust services only operate on luxtrust.lu or luxtrust.com.

4. Bank Impersonation: Once on the site, the victim is asked to "Choose your bank" from a list including Spuerkeess, BIL, POST, BGL BNP Paribas, ING, Raiffeisen, Banque de Luxembourg, and Deutsche Bank. Clicking a logo leads to a fake login page (e.g., a fake Spuerkeess S-Net portal) designed to harvest your specific bank credentials.

5. Device Evasion: The site specifically checks your "User Agent." If you are not on a smartphone, the site may hide its malicious content to avoid detection.

If you receive this email, do not click the link. Delete it immediately. To manage your LuxTrust certificate, always use the official LuxTrust Mobile app or navigate directly to luxtrust.com by typing it into your browser.