The branding of Post Group was recently used in a phishing attack, leaving some of its banking service customers prey to deceptive transactions through emails redirecting them to fake websites.
Last week, several customers of the Post Group bank were taken aback when they discovered unauthorised transactions in their accounts. One individual reached out to RTL to enquire about a possible major hacking attack on the Post Group's banking division, but this turned out not to be the case.
According to the person concerned, a five-figure sum had been transferred from their account without their knowledge. When questioned, Post officials told them that this was not an isolated case.
The Post Group confirmed the incident to our colleagues at RTL.lu and disclosed that a series of phishing emails were sent out last week.
Scammers masqueraded as Post or LuxTrust and attempted to trick customers into providing their personal data by directing them to a fake site designed with the Post and LuxTrust "look & feel". Their aim was to link the victim's account with a Payconiq application and carry out "fraudulent transactions".
Post never sends emails requesting login information
Post assures that they always respond swiftly to counter such attacks by blocking the malicious links and alerting customers about the issue through digital channels.
Post stresses that it never sends emails requesting login information, advising customers to refrain from clicking on such links and delete them immediately. Customers can safely access their eboo accounts using the "eboo" app or www.eboo.lu.
If a customer has nevertheless clicked on a fraudulent link, they should immediately call the Post Finance Contact Centre at 8002 8004 between (available between 7am and 8pm).
In such cases, 'Post Finance' will instantly block the eboo account and the link to Payconiq. Customers are also advised to report the criminal activity to the police, change their LuxTrust password, and provide a copy of the complaint to Post Finance.
No information on the number of customers affected
Post Group assures the public that there are no systemic vulnerabilities in the eboo security system and that they are committed to safeguarding their customers' interests to the best of their ability.
The Post Group has opted not to disclose the number of affected customers or the total amount of money that was stolen, citing security and confidentiality concerns. There was also no statement on whether the money had been reimbursed into the affected accounts.
The individual who reported the incident to RTL stated that the money had been returned to their account. However, even Post was unable to explain how. Several other affected individuals are in the same situation.
