Targeted Financial Phishing Attack Identified and Mitigated by CYREN


CYREN GlobalView Security Lab First to Identify and Mitigate Danske Bank and Swedbank Phishing Attack

With the ability to analyze over 12 billion transactions per day on its real-time global infrastructure, CYREN was the first to recognize and stop a targeted phishing attack on customers of the Norwegian and Swedish financial institutions, Danske Bank and Swedbank. Upon identifying the scheme, CYREN immediately notified other industry security firms.

This particular attack included hundreds of new phishing URLs sent out to millions of email recipients within a few hours. By clicking the link, unsuspecting clients were sent to an official-looking website that bore a strong resemblance to the actual bank login page.

[Screenshot: Fake Danske Bank Website]

[Screenshot: Fake Swedbank Website]

[Screenshot: Real Danske Bank Website]

Sample links – some hosted on hacked legitimate sites – include:

  • http://db-fcfsfb.leightongoldhill.com/www.danskebank.no/aktiveringsside.html?ssl=yes
  • http://db-wwdojx.centennial-homes.com/https.danskebank.no/index.php
  • http://db-upfhaa.centennial-homes.com/server.danskebank.no/index.php
  • http://ics-gcdsqskv.tattzap.com/secure.swedbank.se/index.php
  • http://ics-iypgmhdl.tattzap.com/server.swedbank.se/index.php
  • http://ics-zzvkcziy.tattzap.com/www.swedbank.se/index.php
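The sample links above share a visible pattern: a bank hostname appears as a path segment while the page is served from an unrelated host. The following is an added example of a filter-side check for that pattern, not CYREN's detection logic; the function names and the two benign URLs are constructed for illustration.

```python
from urllib.parse import urlsplit

# Domains to protect, taken from the bank hostnames visible in the sample links.
PROTECTED_DOMAINS = ("danskebank.no", "swedbank.se")

# The first six URLs are the page's samples; the last two are constructed benign cases.
SAMPLE_URLS = [
    "http://db-fcfsfb.leightongoldhill.com/www.danskebank.no/aktiveringsside.html?ssl=yes",
    "http://db-wwdojx.centennial-homes.com/https.danskebank.no/index.php",
    "http://db-upfhaa.centennial-homes.com/server.danskebank.no/index.php",
    "http://ics-gcdsqskv.tattzap.com/secure.swedbank.se/index.php",
    "http://ics-iypgmhdl.tattzap.com/server.swedbank.se/index.php",
    "http://ics-zzvkcziy.tattzap.com/www.swedbank.se/index.php",
    "https://www.danskebank.no/privat",      # constructed: served by the bank itself
    "http://example.com/news/banks.html",    # constructed: no bank hostname in path
]


def host_belongs_to(name: str, domain: str) -> bool:
    """True if name is the domain itself or a subdomain of it."""
    name = name.lower().rstrip(".")
    return name == domain or name.endswith("." + domain)


def brand_in_path(url: str):
    """Return the protected domain a URL imitates in its path, or None.

    Flags a URL when a path segment looks like a hostname of a protected
    domain but the host actually serving the page is not that domain.
    """
    parts = urlsplit(url)
    host = parts.hostname or ""
    for segment in parts.path.split("/"):
        for domain in PROTECTED_DOMAINS:
            if host_belongs_to(segment, domain) and not host_belongs_to(host, domain):
                return domain
    return None


def scan(urls):
    """Return (url, imitated_domain) pairs for every flagged URL."""
    return [(u, d) for u in urls if (d := brand_in_path(u)) is not None]


if __name__ == "__main__":
    for url, domain in scan(SAMPLE_URLS):
        print(f"{domain:15} <- {url}")
```

The check compares on a dot boundary, so a host such as `notdanskebank.no` is not treated as belonging to the bank.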

In this most recent attack, cyber criminals are using well-honed marketing techniques to move from one target audience to the next by localizing the messaging – first for Danish and then Swedish banking customers.
