PaymentADV337.htm - Fake Remittance Slip

The PHP file for sending your details to the phisherman is: https://boernereservations.com/inno

We have no idea what this place is, but their website is being used for Payment Advice phishing spam.

The PHP file for sending your details to the phisherman is: https://boernereservations.com/innos/safe.php

The HTML is:

 <!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8" />
<title>ADD - Authentification</title>
<meta name="viewport" content="width=device-width, initial-scale=1.0">

<!-- App favicon -->
<link rel="shortcut icon" href="https://sourcing.academiaraqmya.gov.ma/public/assets/images/favicon.ico">

<!-- App css -->
<link href="https://sourcing.academiaraqmya.gov.ma/public/assets/css/bootstrap.min.css" rel="stylesheet" type="text/css" />
<link href="https://sourcing.academiaraqmya.gov.ma/public/assets/css/icons.css" rel="stylesheet" type="text/css" />
<link href="https://sourcing.academiaraqmya.gov.ma/public/assets/css/metisMenu.min.css" rel="stylesheet" type="text/css" />
<link href="https://sourcing.academiaraqmya.gov.ma/public/assets/css/style.css" rel="stylesheet" type="text/css" />

</head>
<body class="account-body accountbg">
<div class="row vh-100 ">
<div class="col-12 align-self-center">
<div class="auth-page">
<div class="card auth-card shadow-lg">
<div class="card-body">
<div class="px-3">
<!-- <img src="https://sourcing.academiaraqmya.gov.ma/public/assets/images/Logo-Academia-Raqmya-FR.png" alt="" class="d-block logo_login mx-auto mt-4" height="250"> -->
<div class="text-center mb-4">
<form method="post" action="#" autocomplete="off" validate>
<input type="hidden" name="login" value="recipient@domain.suffix" >

<h2 class="h4 mb-3 font-weight-normal"><br>Sign in to view document<br><br></h2>
<div class="mt-3">
<input type="email" value="" name="username" id="inputUsername" placeholder="username@domain.suffix" class="form-control login_form" required autofocus>
</div>
<div class="mt-3">
<input type="password" name="password" id="inputPassword" placeholder="Password" class="form-control login_form" required autofocus>
</div>
<div class="mt-4">
<input type="hidden" name="_csrf_token"
value="[STRING]"
>
</div>
<!-- <div class="mt-4">
Mot de passe oubli� ?
<p><a data-toggle="modal" data-animation="bounce" data-target=".bs-example-modal-center" href="#">Envoyer un email de red�finition</a></p>
</div> -->


<button class="btn btn-lg btn-primary" type="submit">
Log In
</button>
</form>
</div> <!--end auth-logo-text-->
</div><!--end /div-->
</div><!--end card-body-->
</div><!--end card-->

<div class="modal fade bs-example-modal-center" tabindex="-1" role="dialog" aria-labelledby="mySmallModalLabel" aria-hidden="true">
<div class="modal-dialog modal-dialog-centered">
<div class="modal-content">
<div class="modal-body">
<div class="text-center auth-logo-text mb-4">

</div>
</div>
</div><!-- /.modal-content -->
</div><!-- /.modal-dialog -->
</div><!-- /.modal -->
</div><!--end auth-page-->
</div><!--end col-->
</div><!--end row-->
<!-- jQuery -->
<script src="https://sourcing.academiaraqmya.gov.ma/public/assets/js/jquery.min.js"></script>
<script src="https://sourcing.academiaraqmya.gov.ma/public/assets/js/bootstrap.bundle.min.js"></script>
<script src="https://sourcing.academiaraqmya.gov.ma/public/assets/js/metisMenu.min.js"></script>
<script src="https://sourcing.academiaraqmya.gov.ma/public/assets/js/waves.min.js"></script>
<script src="https://sourcing.academiaraqmya.gov.ma/public/assets/js/jquery.slimscroll.min.js"></script>
<!-- App js -->
<script src="https://sourcing.academiaraqmya.gov.ma/public/assets/js/app.js"></script>
</body>
</html>
As you can see they are using gov.ma site css and images to try and trick people.
 
 
 

Add comment