[FSec] Nordea Phishing Campaign Continues

Status
Für weitere Antworten geschlossen.

Newsfeed

Nachrichtenbote
Just when we thought this Nordea phishing campaign is over, it reared its ugly head once again. It made its comeback last March 5th.

first_seen.png


The phishing site looks pretty similar to the actual Nordea Finnish website.

site.PNG


Being a Nordea customer, I know that if the perpetrator is able to steal my information from this page, there is nothing else they can do other than login to my account once and check my balance. They will be unable to do any transactions since they would need more than 1 pin number.

However, the ones behind this did their homework.

If someone falls victim to this attack, they will be led to yet another page that asks for the previous pin and the next four pins.

first_error_page.PNG


After this page, the victim will be asked for the last 4 digits of their credit card and CVV.

second_error_page.PNG


Once all those information are stolen, the fake page will redirect to the real Nordea website.

redirection.PNG


As expected, for the last 7 days, majority of the phishing site visitors were from Finland.

visits.png


We do have a detection already that covers this.

wts_block.PNG


And it's good to note that if you are using our product, when you visit the real Nordea bank, Banking Protection will trigger and isolate unknown traffic during your banking session.

nordea_real.PNG


On 12/03/15 At 03:29 PM

Weiterlesen...
 
S

Stiller

You do not have to look for a perpetrator. Nordea itself stole money from my account. They imposed fees without previous notice. When I asked about it, the reply was, they wanted to get rid of customers who did not invest as much money as they wanted. What is the difference to an extortion racket of gangsters?
 
Status
Für weitere Antworten geschlossen.
Oben