Viruses, worms, trojans and other stuff

Tuesday, October 04, 2005

Nordic Phishing

Phishing attacks have been jumping from one geographical area to another. First we saw them in the USA. Then in Australia. Then in the UK. Then in Germany, localized to the German language. In early 2005, we saw isolated phishing cases in Denmark.

Last night an unknown party launched a large-scale attack against Nordea Sweden. Nordea is the largest bank in the Nordic countries. It also operates one of the largest internet banks in the world, with over 4 million internet customers in eight countries.

Basically this was a normal phishing scam: somebody spammed a large number of spoofed emails with links pointing to a fake bank. Two things made it different:

  1. The phishing emails were in Swedish
  2. Nordea operates a one-time password system

The one-time password system used by Nordea Sweden consists of a scratch sheet: you scratch it to uncover the next available PIN code for login.

Attacking a site like this is quite a bit more challenging than attacking banks that authenticate users with a bank account number and a constant 4-digit PIN which never changes.

However, that's just what has now been attempted.

The fake mails explained that Nordea is introducing new security measures, which can be accessed at or (fake sites hosted in South Korea).

The fake sites looked fairly real. They asked the user for his personal number, access code and the next available scratch code. Regardless of what you entered, the site would complain about the scratch code and ask you to try the next one. In reality the bad boys were trying to collect several scratch codes for their own use.

