Latest Threat: LuxTrust "Suspicious Activity" Phishing Scam

A new and highly deceptive phishing campaign is targeting LuxTrust users, claiming that "suspicious activity" has been detected on their account. The email, titled "Activite suspecte detectee - Verification requise," creates immediate panic to trick users into a fake verification process.

The message uses professional-looking templates and is sent through legitimate Microsoft infrastructure to bypass traditional spam filters. It urges the recipient to click an "official" button to secure their account before access is permanently restricted.

How to spot this phishing attack:

1. The Sender Address is Random: While the display name says "LuxTrust - Alerte," the actual email address is [email protected]. This belongs to an educational domain in India and has no relation to LuxTrust S.A. in Luxembourg.

2. Deceptive Redirect Links: The main call-to-action banner links to a Microsoft Dynamics marketing redirect that eventually leads to oney-relay.online/lu-fr/Luxtract. This is a fraudulent domain designed to harvest LuxTrust credentials and Luxtrust Mobile codes.

3. Artificial Urgency: The claim of "Suspicious activity detected" is a classic social engineering tactic. By creating a sense of emergency, scammers hope you will click the link out of fear without checking the sender address first.

If you receive this email, do not click the banner or any links. Delete the email immediately. If you are worried about your account security, always check your status directly through the official LuxTrust Mobile app or by visiting luxtrust.com manually.