Tuesday, October 04, 2005

Nordea Sweden shuts Internet banking due to targeted phishing

Mikko writes in the F-Secure "News from the Lab" Blog:

Phishing attacks have been jumping from one geographical area to another. First we saw them in the USA. Then in Australia. Then the UK. Then in Germany, localized to German language. In early 2005, we saw isolated phishing cases in Denmark.

Last night an unknown party launched a large-scale attack against Nordea Sweden. Nordea is the largest bank in the Nordic countries. It also operates one of the largest internet banks in the world, with over 4 million internet customers in eight countries.

Basically this was a normal phishing scam: somebody spammed a large amount of spoofed emails with links pointing to a fake bank. What made it different was two things:
1. The phishing emails were in Swedish
2. Nordea operates a one-time password system

The one-time password system in use by Nordea Sweden consists of a scratch sheet, where you will scratch to uncover the next available PIN code for login.

Attacking a site like this is quite a bit more challenging than attacking banks authenticating users with a bank account number and a constant 4-number PIN which never changes.

However, that's just what has now been attempted.
