Researchers at Finnish security company F-Secure spotted the large-scale attack on Tuesday night (October 4) against Nordea Sweden, the largest bank in the Nordic countries, with more than 4 million internet customers in eight countries.
F-Secure chief Mikko Hypponen said the attack was special because the emails were in Swedish, and because Nordea operates a one-time password system, consisting of a scratch sheet, which the customer scratches to uncover the next available PIN code for login.
The mail claimed that Nordea was introducing new security measures, and asked customers to go to one of two fake sites hosted in South Korea (www.nordea-se.com and www.nordea-bank.net).
The sites look authentic and asks customers for their personal number, access code and the next available scratch code.
"Regardless of what you entered, the site would complain about the scratch code and asked you to try the next one. In reality the bad boys were trying to collect several scratch codes for their own use," Hypponen said in his bulletin warning of the danger.
Phishing attacks were initially predominantly in English, but they have now branched out into German and Danish earlier this year. This is the first in Swedish.
.jpg&h=140&w=231&c=1&s=0)
iTnews State of Security Breakfast
iTnews State of Data & AI Breakfast
Forrester's AI Forum Sydney
The 2026 iAwards
.jpg&w=120&c=1&s=0)
Integrate 2026
_(1).jpg&h=140&w=231&c=1&s=0)
