Back to Fred Mac Donald's Blog

Phishing Email targeting Luno Cryptocurrency website

Phishing Email targeting Luno Cryptocurrency website

Phishing Email targeting Luno Cryptocurrency website using a "well cloned" version of the luno login/registration page.

The target of this weeks scam is the Cryptocurrency website known as https://www.luno.com/

The email received looks well planned with a couple of images that needs to be downloaded. There are most probably tagged to detect opening rates and if the email used is an active email. So I did allow the display of the images and as a result, I do not have a screenshot of the email.

Hi,

We identified something unusual about a recent sign-in to your Account
Please go to your recent activity page to let us know whether or not this was you

To help keep you safe, we require an extra security challenge

 Review recent activity

 

To opt out or change where you receive security notifications, Click here.

Thanks, 
Team Luno  

Questions? Visit the Help Center  

 

Email Address used

The sending email belongs to some poor fella over at umons.ac.be

URL target

Checking the URL linked to the buttons, you would end up on a page that looks exactly like the luno.com website login page.

Luno Phishing clone

Data-Flow

The data-flow graph indicates a hacked seurce-paym4nt.ga website. Looking at the domain name, the whole thing looks suspect.

luno phishing data-flow

Written by:  - 25 May, 2018  
comments powered by Disqus
flashy