Latest Threat: POST eboo "Digital Security Certificate" Phishing Scam

A new trilingual phishing campaign is targeting customers of POST Luxembourg banking branch eboo. The fraudulent email, which appears in French, Luxembourgish, and English, claims that the "digital security certificate" associated with your account has been suspended. To "ensure the continuity of secure access," users are pressured to click a link to renew this certificate immediately.

This scam is particularly deceptive as it uses a legitimate business tool (Zoho Invoice) to send the message, which helps it bypass many traditional spam filters.

How to spot this phishing attack:

1. The "Reply-To" Address is a Personal Account: While the sender name says "eBoo SA," the hidden "Reply-To" address is [email protected]. A professional service like eboo would never use a personal Yahoo account for official support.

2. Misuse of Zoho Invoice: The email is sent via sender.zohoinvoice.com. Scammers often misuse legitimate invoicing platforms to give their emails a professional look and a higher chance of reaching the inbox.

3. Malicious Polish URL: The link provided for renewal points to paniodszkoly.pl/ES410938/. This is a compromised or fraudulent Polish domain that has no connection to POST Luxembourg or the official eboo.lu portal.

4. Vague Technical Claims: The email refers to a "digital security certificate" being suspended. This is a vague technical term used to confuse and alarm users who may not be familiar with the specifics of their account security.

If you receive this email, do not click the link. Delete it immediately. For any issues regarding your eboo account, always log in directly via the official eboo.lu website or the POST Luxembourg website.