CYREN GlobalView Security Lab First to Identify and Mitigate Danske Bank and Swedbank Phishing Attack
With the ability to analyze over 12 billion transactions per day on its real-time global infrastructure, CYREN was the first to recognize and stop a targeted phishing attack on customers of the Norwegian and Swedish financial institutions, Danske Bank and Swedbank. Upon identifying the scheme, CYREN immediately notified other industry security firms.
This particular attack included hundreds of new phishing URLs sent out to millions of email recipients within a few hours. By clicking the link, unsuspecting clients were sent to an official looking website that bore a strong resemblance to the actual bank login page.
Fake Danske Bank Website
Fake Swedbank Website
Real Danske Bank Website
Sample links – some hosted on hacked legitimate sites – include:
- http://db-fcfsfb.leightongoldhill.com/www.danskebank.no/aktiveringsside.html?ssl=yes
- http://db-wwdojx.centennial-homes.com/https.danskebank.no/index.php
- http://db-upfhaa.centennial-homes.com/server.danskebank.no/index.php
- http://ics-gcdsqskv.tattzap.com/secure.swedbank.se/index.php
- http://ics-iypgmhdl.tattzap.com/server.swedbank.se/index.php
- http://ics-zzvkcziy.tattzap.com/www.swedbank.se/index.php
In this most recent attack, cyber criminals are using well-honed marketing techniques to move from one target audience to the next by localizing the messaging – first for Danish and then Swedish banking customers.