TLDR
Researchers at SANS ISC observed a phishing wave targeting customers of a major Belgian bank (Belfius). The email looks like a standard banking login prompt, but the malicious link uses an obfuscation trick: it is written as an IPv6...
How it works
Researchers at SANS ISC observed a phishing wave targeting customers of a major Belgian bank (Belfius). The email looks like a standard banking login prompt, but the malicious link uses an obfuscation trick: it is written as an IPv6...
Red flags
- The URL uses an IP literal in square brackets rather than a bank domain.
- The sender urges login via a link in the email instead of typing the bank URL.
- The final destination is on a generic qzz.io subdomain mimicking bank login pages.
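The bracketed IP literal red flag can be checked mechanically. The following Python is an added example, not code from SANS ISC or from this page: it extracts URLs from a message body, flags any whose host is an IP literal, and unwraps an IPv4-mapped IPv6 host to the IPv4 address it stands for. The sample body and its addresses (documentation ranges) are constructed, and `classify_url` and `scan_body` are hypothetical names.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Constructed sample e-mail body; hosts use documentation ranges, not real IoCs.
SAMPLE_BODY = """Dear customer, please confirm your session:
http://[::ffff:192.0.2.45]/login
http://[::ffff:c000:022d]/login
https://www.example-bank.test/help
http://198.51.100.7/secure
"""

URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)


def classify_url(url):
    """Return (verdict, detail) describing the host part of one URL."""
    try:
        host = urlsplit(url).hostname
    except ValueError:  # e.g. an unclosed '[' in the host
        return ("malformed", None)
    if not host:
        return ("malformed", None)
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return ("hostname", host)  # ordinary DNS name, not an IP literal
    if ip.version == 6 and ip.ipv4_mapped is not None:
        # ::ffff:a.b.c.d and its all-hex spelling both decode to the same IPv4
        return ("ipv4-mapped-ipv6", str(ip.ipv4_mapped))
    return ("ip-literal", str(ip))


def scan_body(body):
    """Classify every http(s) URL in a body; keep those without a DNS hostname."""
    findings = []
    for url in URL_RE.findall(body):
        verdict, detail = classify_url(url)
        if verdict != "hostname":
            findings.append((url, verdict, detail))
    return findings


if __name__ == "__main__":
    for url, verdict, detail in scan_body(SAMPLE_BODY):
        print(f"{verdict:18} {detail or '-':15} {url}")
```

Decoding to the embedded IPv4 address lets existing IPv4 blocklists and reputation lookups apply to a link that was written in IPv6 form.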
What to do
- Never click banking links from emails; open the bank site manually.
- Report suspicious bank-themed messages to your bank and block the sender.
- Enable hardware key or app-based 2FA so a stolen password is not enough.
FAQ
Is "eBanking Phishing Hides Behind IPv4 Mapped IPv6 Address (Belfius)" a real scam pattern?
Yes. Treat the message, call, or payment request as suspicious until you verify it through an official channel.
What are the first warning signs?
The URL uses an IP literal in square brackets rather than a bank domain. The sender urges login via a link in the email instead of typing the bank URL. The final destination is on a generic qzz.io subdomain mimicking bank login pages.
What should I do first?
Never click banking links from emails; open the bank site manually. Report suspicious bank-themed messages to your bank and block the sender. Enable hardware key or app-based 2FA so a stolen password is not enough.
Can LegalAudit check my case?
Yes. Start a free chat and paste the message, link, sender, or payment details for triage.