Select Page

Cyren Security Blog

Targeted Financial Phishing Attack Identified and Mitigated by CYREN

CYREN GlobalView Security Lab First to Identify and Mitigate Danske Bank and Swedbank Phishing Attack

With the ability to analyze over 12 billion transactions per day on its real-time global infrastructure, CYREN was the first to recognize and stop a targeted phishing attack on customers of the Norwegian and Swedish financial institutions, Danske Bank and Swedbank. Upon identifying the scheme, CYREN immediately notified other industry security firms.

This particular attack included hundreds of new phishing URLs sent out to millions of email recipients within a few hours. By clicking the link, unsuspecting clients were sent to an official looking website that bore a strong resemblance to the actual bank login page.

Fake Danske Bank Website

danske bank website

Fake Swedbank Website

fake swedbank website

Real Danske Bank Website

real danske bank website

Sample links – some hosted on hacked legitimate sites – include:

  • http://db-fcfsfb.leightongoldhill.com/www.danskebank.no/aktiveringsside.html?ssl=yes
  • http://db-wwdojx.centennial-homes.com/https.danskebank.no/index.php
  • http://db-upfhaa.centennial-homes.com/server.danskebank.no/index.php
  • http://ics-gcdsqskv.tattzap.com/secure.swedbank.se/index.php
  • http://ics-iypgmhdl.tattzap.com/server.swedbank.se/index.php
  • http://ics-zzvkcziy.tattzap.com/www.swedbank.se/index.php

In this most recent attack, cyber criminals are using well-honed marketing techniques to move from one target audience to the next by localizing the messaging – first for Danish and then Swedish banking customers.

You might also like

Square Enix Phishing Campaign

From July 20 until August 16, 2021, Cyren observed a significant increase in the number of Square Enix phishing URLs. The campaign coincided with 14 days of free play announced by Square Enix on July 12, 2021. During this period, we detected a total of 47,076 URLs for...