Mass Phishing Campaign Impersonating UBB Targets Users Across Bulgaria
A new phishing campaign is circulating in Bulgaria, with attackers sending emails impersonating United Bulgarian Bank (UBB). The messages are being delivered to a wide audience — including individuals who are not customers of the bank.
The emails claim that the recipient “has not implemented the new system” and warn that their banking operations will be blocked unless they follow the instructions. A misleading button labeled “Implement the new system now” leads to a phishing page designed to steal personal and financial information.
Banks do not request software installations via email, nor do they block accounts through such communication. The campaign’s goal is to trick users into entering sensitive data.
What We Know About the Campaign
Emails are sent in bulk, not only to actual clients.
The message is written to create urgency and pressure.
Links redirect to pages mimicking online banking portals.
The campaign aligns with the seasonal spike of phishing attacks in Q4.
Why Attacks Are Increasing Now
Citizens, banks and institutions are particularly exposed in the period around the euro transition. During large-scale financial changes, cybercriminals intensify phishing campaigns, exploiting confusion, the heightened flow of information and expected adjustments in banking processes. In the coming weeks, a rise in social engineering attacks (emails, SMS and fake websites referencing the euro) is highly likely.
What Users Should Do
Do not click on links in suspicious emails.
Do not enter personal or financial information.
Verify the sender’s email address.
Contact your bank through official channels if unsure.
Enable multi-factor authentication (MFA).
Use strong, unique passwords.
DIAMATIX Perspective
Phishing remains one of the primary entry points for account compromise, fraud and broader cyber incidents. This campaign underscores the need for:
email traffic monitoring and detection of brand impersonation;
user awareness and phishing simulations;
automatic blocking of phishing URLs through SIEM/XDR;
24/7 SOC capable of detecting credential harvesting and account takeover attempts;
identity, session and cloud token protection.
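A minimal sketch of the brand-impersonation check from the first item above, applied to the traits this campaign shows (bank name in the sender, links to a non-bank host, urgency wording). This is an added example, not DIAMATIX's or the bank's code; bank.example is a placeholder for the bank's official domains, and both sample messages are constructed.

```python
import email, re
from email import policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

BRAND = re.compile(r"\b(ubb|united bulgarian bank)\b", re.I)  # names from the article
OFFICIAL_DOMAINS = {"bank.example"}  # placeholder: list the bank's real domains here
LURES = ("implement the new system", "will be blocked")  # wording reported above

class LinkCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def is_official(host):
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in OFFICIAL_DOMAINS)

def score_message(raw):
    msg = email.message_from_string(raw, policy=policy.default)
    name, addr = parseaddr(str(msg["From"] or ""))
    sender_host = addr.rpartition("@")[2]
    part = msg.get_body(preferencelist=("html", "plain"))
    body = part.get_content() if part else ""
    findings = []
    # Display name or subject claims the bank, but the envelope of trust does not match.
    if BRAND.search(f"{name} {msg['Subject']}") and not is_official(sender_host):
        findings.append(f"brand named, but sender domain is {sender_host!r}")
    collector = LinkCollector()
    collector.feed(body)
    for host in (urlparse(h).hostname for h in collector.hrefs):
        if not is_official(host):
            findings.append(f"link to non-official host {host!r}")
    if any(p in body.lower() for p in LURES):
        findings.append("urgency wording matching the reported lure")
    return findings

# Constructed sample messages (not captured from the campaign).
PHISH = """\
From: "UBB Online" <notice@secure-update.example>
Subject: Action required
Content-Type: text/html; charset="utf-8"

<p>Your banking operations will be blocked.</p> <a href="https://portal.secure-update.example/login">Implement the new system now</a>
"""
LEGIT = PHISH.replace("secure-update.example", "bank.example").replace(
    "will be blocked", "are unaffected").replace("Implement the new system now", "Read more")
```

In a mail pipeline, a non-empty result from score_message would feed a quarantine or alerting rule rather than act as a verdict on its own.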
With DIAMATIX MDR 360°, Shield SIEM/XDR and our 24/7 EU-based SOC, organizations gain proactive detection, real-time response and strong defense against this type of threat.




