[FSec] Nordea Phishing Campaign Continues


Just when we thought this Nordea phishing campaign was over, it reared its ugly head once again. It made its comeback last March 5th.

The phishing site looks pretty similar to the actual Nordea Finnish website.

Being a Nordea customer, I know that if the perpetrator is able to steal my information from this page, there is nothing else they can do other than log in to my account once and check my balance. They will be unable to do any transactions since they would need more than 1 PIN.

However, the ones behind this did their homework.

If someone falls victim to this attack, they will be led to yet another page that asks for the previous PIN and the next four PINs.

After this page, the victim will be asked for the last 4 digits of their credit card and CVV.

Once all that information is stolen, the fake page will redirect to the real Nordea website.

As expected, over the last 7 days, the majority of the phishing site visitors were from Finland.

We do have a detection already that covers this.

And it's good to note that if you are using our product, when you visit the real Nordea bank, Banking Protection will trigger and isolate unknown traffic during your banking session.

On 12/03/15 At 03:29 PM



You do not have to look for a perpetrator. Nordea itself stole money from my account. They imposed fees without previous notice. When I asked about it, the reply was, they wanted to get rid of customers who did not invest as much money as they wanted. What is the difference to an extortion racket of gangsters?