Phishing CEC Bank & malicious redirects & Aruba

A recent phishing campaign is targeting CEC BANK customers from Romania. The attackers exploit the network and then use a bridge site that directs the users to the malicious landing page where the data is collected.

Several examples of malicious links:

Step 1. The first link which is inserted in the phishing email campaign:

Step 2. or , IPs:, ( AS31034, Aruba )

Step 3. or, IPs:, ( AS31034, Aruba )

Malicious URLs: ( AS31034, Aruba )

Phishing email headers
Received: from (EHLO
Received-SPF: pass (domain of designates as permitted sender)

Phishing URLs are deceptive websites designed to steal your personal information, such as personal data and bank details. Recognizing phishing URLs is very important – here are some tips to help you identify a phishing campaign:

  1. Use a good antivirus, on both PC and phone. We recommend ESET, and McAfee – every time we report malicious URLs, they promptly reply and update their database.
  2. If you suspect a phishing attempt, report it to the relevant authorities or the organization being impersonated. Report the phishing URL to: Google, Netcraft, ESET.

Also, if your website was exploited in a phishing campaign, we can help you to recover from it.
MAGEFIX SecurityMalware cleanup & blacklist removal

Try our Free site check.