Security researchers at Shreshta IT, using our threat intelligence platform SDINET, have identified phishing targeting Netherlands Chamber of Commerce Users (KVK).
About Netherlands Chamber of Commerce (KVK)
The Netherlands Chamber of Commerce (Kamer van Koophandel – KVK) is a public service provider. Its main tasks are: managing the Dutch Business Register, providing information, advice and support to Dutch businesses, managing and developing online and offline Dutch business networks, and promoting regional economic development.1
Phishing Page Impersonating – 22494-4867.s1.webspace.re/registratie-2022
![Screenshot of phishing website 22494-4867[.]s1[.]webspace.re[/]registratie-2022](https://shreshtait.com/blog/wp-content/uploads/2023/01/Phishing-page-1024x559.png)
Threat Indicator
- The main domain name webspace.re was registered through OVH
- The subdomain 22494-4867.s1.webspace.re/registratie-2022 under the domain webspace.re has been identified as a phishing page targeting Netherlands Chamber of Commerce users for their personal information.
- Domain name registration date – 05-12-2018
- The domain name resolve to the IP address 45.88.108.231
- The IP address 45.88.108.231 belongs to AS44486(Oliver Horscht is trading as SYNLINQ)
- AS44486(Oliver Horscht is trading as SYNLINQ) is based in Germany
- The phishing websites has links that redirect to the official website of the Netherlands Chamber of Commerce, KVK
Phishing page – 22494-4867[.]s1[.]webspace.re[/]registratie-2022
![Phishing page - 22494-4867[.]s1[.]webspace.re[/]registratie-2022](https://shreshtait.com/blog/wp-content/uploads/2023/01/Phishing-page-1-1024x559.png)
Phishing page accepting fake details
Image – Screenshot of fake detail.
After submitting the detail, the user is redirected to new page. 1
Phishing page 22494-4867[.]s1[.]webspace.re[/]registratie-2022 accepts fake details and shows a message
There is no prompt for confirmation when entering or submitting details for the business. After the details are accepted, the phishing page automatically redirects the user to the official website of the Netherlands Chamber of Commerce (KVK).1
Motive
The motive of the attackers for creating the phishing website targeting Netherlands Chamber of Commerce KVK is to harvest the Personally Identifiable Information (PII) of the user:
- Gathering personal details
- Gathering business details
- Business registration number & other details
Actual KVK official Login Page
Image – screenshot of KVK official login page
Users must use authenticated methods for registration of the business and business-related updates. The actual government processes were available on the website.1
KVK also issues warning against phishing scams
KVK warns users to be cautious of scams and reminds them that legitimate organizations will never ask for personal information through email, messages, or phone calls.1
