Phishing targeting Netherlands Chamber of Commerce users(KVK)

Phishing targeting Netherlands Chamber of Commerce users(KVK)

Security researchers at Shreshta IT, using our threat intelligence platform SDINET, have identified phishing targeting Netherlands Chamber of Commerce Users (KVK).

About Netherlands Chamber of Commerce (KVK)

The Netherlands Chamber of Commerce (Kamer van Koophandel – KVK) is a public service provider. Its main tasks are: managing the Dutch Business Register, providing information, advice and support to Dutch businesses, managing and developing online and offline Dutch business networks, and promoting regional economic development.1

Phishing Page Impersonating – 22494-4867.s1.webspace.re/registratie-2022
Screenshot of phishing website 22494-4867[.]s1[.]webspace.re[/]registratie-2022
Image -Screenshot of phishing website 22494-4867.s1.webspace.re/registratie-2022
Threat Indicator
  • The main domain name webspace.re was registered through OVH
  • The subdomain 22494-4867.s1.webspace.re/registratie-2022 under the domain webspace.re has been identified as a phishing page targeting Netherlands Chamber of Commerce users for their personal information.
  • Domain name registration date – 05-12-2018
  • The domain name resolve to the IP address 45.88.108.231
  • The IP address 45.88.108.231 belongs to AS44486(Oliver Horscht is trading as SYNLINQ)
  • AS44486(Oliver Horscht is trading as SYNLINQ) is based in Germany
  • The phishing websites has links that redirect to the official website of the Netherlands Chamber of Commerce, KVK
Phishing page – 22494-4867[.]s1[.]webspace.re[/]registratie-2022
Phishing page - 22494-4867[.]s1[.]webspace.re[/]registratie-2022
Image -Screenshot of the contact detail
Phishing page accepting fake details

Image – Screenshot of fake detail.

After submitting the detail, the user is redirected to new page. 1

Phishing page 22494-4867[.]s1[.]webspace.re[/]registratie-2022 accepts fake details and shows a message
Phishing page accepts fake details and shows a message
Image – Screenshot of fake details getting accepted

There is no prompt for confirmation when entering or submitting details for the business. After the details are accepted, the phishing page automatically redirects the user to the official website of the Netherlands Chamber of Commerce (KVK).1

Motive

The motive of the attackers for creating the phishing website targeting Netherlands Chamber of Commerce KVK is to harvest the Personally Identifiable Information (PII) of the user:

  • Gathering personal details
  • Gathering business details
  • Business registration number & other details
Actual KVK official Login Page
Actual KVK official Login Page

Image – screenshot of KVK official login page

Users must use authenticated methods for registration of the business and business-related updates. The actual government processes were available on the website.1

KVK also issues warning against phishing scams

KVK warns users to be cautious of scams and reminds them that legitimate organizations will never ask for personal information through email, messages, or phone calls.1

Website | + posts