Nordea Phishing Campaign Continues

Just when we thought this Nordea phishing campaign is over, it reared its ugly head once again. It made its comeback last March 5th.

first_seen (33k image)

The phishing site looks pretty similar to the actual Nordea Finnish website.

site (66k image)

Being a Nordea customer, I know that if the perpetrator is able to steal my information from this page, there is nothing else they can do other than login to my account once and check my balance. They will be unable to do any transactions since they would need more than 1 pin number.

However, the ones behind this did their homework.

If someone falls victim to this attack, they will be led to yet another page that asks for the previous pin and the next four pins.

first_error_page (29k image)

After this page, the victim will be asked for the last 4 digits of their credit card and CVV.

second_error_page (11k image)

Once all those information are stolen, the fake page will redirect to the real Nordea website.

redirection (17k image)

As expected, for the last 7 days, majority of the phishing site visitors were from Finland.

visits (12k image)

We do have a detection already that covers this.

wts_block (61k image)

And it’s good to note that if you are using our product, when you visit the real Nordea bank, Banking Protection will trigger and isolate unknown traffic during your banking session.

nordea_real (61k image)

On 12/03/15 At 03:29 PM

Read more: Nordea Phishing Campaign Continues

Story added 13. March 2015, content source with full text you can find at link above.