Just when we thought this Nordea phishing campaign was over, it reared its ugly head once again. It made its comeback on March 5th.
The phishing site looks pretty similar to the actual Nordea Finnish website.
Many of us in the Labs are Nordea customers, so we know that if the perpetrator is able to steal information from this page, there is nothing else they can do other than log in to accounts once and check the balance. They will be unable to make any transactions, since they would need more than one PIN.
However, the ones behind this did their homework.
If someone falls victim to this attack, they will be led to yet another page that asks for the previous PIN and the next four PINs.
After this page, the victim will be asked for the last 4 digits of their credit card and CVV.
Once all that information is stolen, the fake page will redirect to the real Nordea website.
As expected, over the last 7 days, the majority of the phishing site visitors were from Finland.
We already have a detection that covers this.
And it's good to note that if you are using our product, when you visit the real Nordea bank, Banking Protection will trigger and isolate unknown traffic during your banking session.