Report
RUNLIR - phishing campaign targeting Netherlands
Phishers take an approach to bypass security controls never seen in the country
Read reportGroup-IB Amsterdam-based CERT team identified a massive phishing campaign targeting the Netherlands and impersonating Dutch financial organisations. Group-IB code named it RUNLIR. The phishing websites are part of a huge network of 750 connected domains. Group-IB blocked the resources impersonating their local customers but other resources remain active.
The cybercriminals behind use an unorthodox scheme that prompts the users to cut the banking card in two and leave it in their mailbox all the while obtaining their personal and payment info. The scheme uses a unique approach borrowed from cybersecurity pros: it only allows visitors from users in the Netherlands using Dutch mobile networks thanks to a unique combination of tools.