A recent phishing campaign is targeting CEC BANK customers in Romania. The attackers abuse the weebly.com network and then use a bridge site that redirects users to the malicious landing page, where their data is collected.
Several examples of malicious links:
Step 1. The first link, which is inserted in the phishing email: http://click.promote.weebly.com/ls/click?upn=
Step 2. formaveneto.it/ughgyf or ceaproma.it/gbwhshd, IPs: 18.104.22.168, 22.214.171.124 (AS31034, Aruba)
Step 3. cec-finance-ro.eu/cec/ or cec-finance-ro.com/cec/, IPs: 126.96.36.199, 188.8.131.52 (AS31034, Aruba)
https://wwww.zetar.it/cec/ 184.108.40.206 ( AS31034, Aruba )
Phishing email headers
Received: from 220.127.116.11 (EHLO o5.promote.weebly.com)
Received-SPF: pass (domain of promote.weebly.com designates 18.104.22.168 as permitted sender)
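The SPF pass in these headers only authenticates promote.weebly.com, not the bank named in the message. The following triage sketch is an added example, not code from the original post. It assumes the bank's legitimate domain is cec.ro and uses a constructed From, Subject and body around the header lines and click link quoted above.

```python
import re
from email import message_from_string
from urllib.parse import urlparse

# Assumptions (not from the page): the bank's legitimate domain and brand token.
BRAND_DOMAINS = {"cec.ro"}
BRAND_TOKEN = "cec"
# Constructed sample: headers and link as quoted on the page; From/Subject/body invented.
SAMPLE = """\
Received: from 220.127.116.11 (EHLO o5.promote.weebly.com)
Received-SPF: pass (domain of promote.weebly.com designates 18.104.22.168 as permitted sender)
From: CEC Bank <no-reply@promote.weebly.com>
Subject: CEC Bank account notice

Please confirm your details: http://click.promote.weebly.com/ls/click?upn=
"""

def in_brand(host):
    return any(host == d or host.endswith("." + d) for d in BRAND_DOMAINS)

def spf_domain(msg):
    """Return (result, authenticated domain) from the Received-SPF header."""
    m = re.match(r"\s*(\w+)\s*\(domain of (\S+)", msg.get("Received-SPF", ""))
    return (m.group(1).lower(), m.group(2).lower()) if m else (None, None)

def check_url(url):
    """Classify a URL by how it relates to the brand; None means a brand domain."""
    p = urlparse(url if "://" in url else "http://" + url)
    host = (p.hostname or "").lower()
    if in_brand(host):
        return None
    if BRAND_TOKEN in re.split(r"[.\-]", host):
        return "lookalike-host"
    if BRAND_TOKEN in p.path.lower().split("/"):
        return "brand-path-on-foreign-host"
    return "foreign-host"

def triage(raw):
    msg = message_from_string(raw)
    if BRAND_TOKEN not in (msg.get("From", "") + msg.get("Subject", "")).lower():
        return []  # mail does not name the brand, nothing to compare against
    findings = []
    result, domain = spf_domain(msg)
    if result == "pass" and not in_brand(domain):
        findings.append(f"spf-pass-for-unrelated-domain:{domain}")
    for url in re.findall(r"https?://[^\s<>\"]+", msg.get_payload()):
        if (verdict := check_url(url)):
            findings.append(f"{verdict}:{urlparse(url).hostname}")
    return findings
```

Running `check_url` over the step 2 and step 3 links listed above separates the bridge hosts from the lookalike landing domains.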
Phishing URLs lead to deceptive websites designed to steal your personal information, such as personal data and bank details. Recognizing phishing URLs is very important. Here are some tips to help you identify a phishing campaign:
- Use a good antivirus, on both PC and phone. We recommend ESET and McAfee – every time we report malicious URLs, they promptly reply and update their database.
- If you suspect a phishing attempt, report it to the relevant authorities or the organization being impersonated. Report the phishing URL to: Google, Netcraft, ESET.