| |
|
Date Reported: 16th June 2007  |
Risk Level: MEDIUM |
|
| |
 |
 |
| |
Email Subject: |
Nordea Business and Personal Online Banking: Please Verify Your Banking Service Data |
|
Apparent Sender: |
Nordea |
|
Return Address: |
< dontreply-reference-71sub@nordea.com > |
|
| Email Format: |
HTML |
| |
URL of Web Content: |
http://www.nordea.com.sitemod.portal26pycve wjdndsoadsyckw.ahulled.com/confirm/portal. aspx/login |
|
Location: |
TX, US |
| |
Scam number: |
aa-5072 |
| |
Comments: |
-
Email asks you to confirm/update/verify your account data at Nordea by visiting the given link. You will be taken to a spoof website where your details will be captured for the phishers.
- Nordea never send their users emails requesting personal details in this way.
-
The REAL URL of the spoof website is disguised as "http://nordea.com/sid12rropl/sitemod/ confirm/portal.aspx/login".
-
The REAL URL of the spoof website is hidden by a hyperlinked image in the body of the email. This is a technique used to get past spam filters that can only read normal text.
-
The spoof website this email links to was not online at time of this report, but variations of the scam which link to working websites are bound to exist, so be wary! The website may have been taken down or disabled by the hosts, but quite often these websites are hosted on the personal computer of the phishers, so may only be online at certain times.
-
The REAL URL of the spoof website has been chosen to look very similar to the actual Nordea URL. Do not be fooled!
-
The entire email consists of nothing but an image that contains all of the body text and links to a spoof website. This is a technique used to get past spam filters that can read normal text but not images.
|
| |
|
|
|
 |
| |
|
| |
| |
"Nordea Protection Department requests you to start the client details confirmation procedure."
|
|
 |
| |
| Website: |
|
|
| |
Spoof website not online at time of report...
|
|
|
|
Please send us any scam/phishing emails you have received by reporting them here
For access to our huge blacklist of domain names and to sign up to our live feed of ALL the scams we receive please take a look at our Honeytrap service
If you have received the email below, please remember that it is very common for these email scams to be redistributed at a later date with only slightly different content, such as a different subject or return address, or with the fake webpage(s) hosted on a different webserver.
We aim to report every variant of the scams we receive, so even if it appears that a scam you receive has already been reported, please submit it to us anyway.
|
