Phishers Target Swedish Bank

A phishing attack has broken new ground by attacking a Scandinavian bank operating a one-time password.

Researchers at Finnish security company F-Secure spotted the large-scale attack on Tuesday night (October 4) against Nordea Sweden, the largest bank in the Nordic countries, with more than 4 million internet customers in eight countries.

F-Secure chief Mikko Hypponen said the attack was special because the emails were in Swedish, and because Nordea operates a one-time password system, consisting of a scratch sheet, which the customer scratches to uncover the next available PIN code for login.

The mail claimed that Nordea was introducing new security measures, and asked customers to go to one of two fake sites hosted in South Korea ( and

The sites look authentic and asks customers for their personal number, access code and the next available scratch code.

"Regardless of what you entered, the site would complain about the scratch code and asked you to try the next one. In reality the bad boys were trying to collect several scratch codes for their own use," Hypponen said in his bulletin warning of the danger.

Phishing attacks were initially predominantly in English, but they have now branched out into German and Danish earlier this year. This is the first in Swedish.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.