Hungarian Bank, Nepali Domain, Broken Encoding: How a K&H Bank Phishing Kit Exposed Itself

A high-severity credential-phishing campaign impersonated Hungary's K&H Bank by using the display name "K&H Bank" while sending from [email protected] (Nepal); the message hotlinked the real kh.hu favicon, pointed victims to ecstechs.net for credential harvesting, carried a valid DKIM signature despite SPF="none", and exhibited a character encoding mismatch (mojibake) that revealed the phishing kit — IRONSCALES flagged and quarantined the email and the report enumerates IOCs and MITRE mappings.