Luxembourg’s financial watchdog, the CSSF, has issued a warning to the public about a rising cybersecurity threat. The scam specifically targets the accounting departments and corporate executives of large firms and SMEs and has been escalating in Luxembourg since late August 2023, the CSSF said on Monday 4 September.
Phone calls are usually made in either English or French and often mention a “pending invoice” from a reputable accounting firm. Soon after, victims receive a deceptive email that impersonates high-ranking officials and mimics regulatory authorities like the CSSF using similar-looking email addresses.
In reaction, the Computer Incident Center Luxembourg (Circl) has released a technical document outlining .
The CSSF strongly encourages all regulated organisations to review this report and implement the necessary actions.
Among the guidelines are suggestions for regular security awareness training for staff, familiarising the accounting team with verification processes for wire transfers and enhancing controls for registering new bank details. Additional recommendations include the need for employees to scrutinise source and reply-to email addresses and to consult IT security personnel or Circl if they encounter suspicious emails.
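The source and reply-to check recommended above can also be automated at the mail gateway or in a triage script. The following is an added example, not code from the CSSF or Circl; the trusted domain `regulator.example`, the edit-distance threshold and both sample messages are constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumption: domains the organisation genuinely expects regulator mail from.
TRUSTED_DOMAINS = {"regulator.example"}

def _domain(header_value):
    """Return the lower-cased domain of an address header, or '' if absent."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower()

def _edit_distance(a, b):
    """Levenshtein distance, used to spot similar-looking domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def review_headers(raw_message, trusted=TRUSTED_DOMAINS, max_distance=2):
    """Flag a Reply-To that differs from From, and near-miss sender domains."""
    msg = message_from_string(raw_message)
    from_dom = _domain(msg.get("From"))
    reply_dom = _domain(msg.get("Reply-To"))
    findings = []
    if reply_dom and reply_dom != from_dom:
        findings.append("reply-to-mismatch")
    for dom in {from_dom, reply_dom} - {""}:
        if dom in trusted:
            continue  # exact match with a trusted domain is not a lookalike
        if any(0 < _edit_distance(dom, t) <= max_distance for t in trusted):
            findings.append("lookalike:" + dom)
    return sorted(findings)

# Constructed sample messages (not real traffic).
SUSPICIOUS = (
    'From: "Regulator Director" <director@regu1ator.example>\n'
    "Reply-To: <payments@mailbox.example>\n"
    "Subject: Pending invoice\n\nPlease process today.\n"
)
LEGITIMATE = (
    "From: <notices@regulator.example>\n"
    "Subject: Circular\n\nSee attached.\n"
)

if __name__ == "__main__":
    for name, raw in (("suspicious", SUSPICIOUS), ("legitimate", LEGITIMATE)):
        print(name, review_headers(raw))
```

A clean result only means these two header checks passed; it does not replace the out-of-band verification of wire transfers and new bank details described above.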
For victims, the immediate steps include contacting both the originating and destination banks to halt any fraudulent wire transfers, filing a police complaint and seeking technical assistance from Circl for IT security incidents.
The complete set of recommendations can be accessed .